PT-2022-15660 · Tibco Software · Tibco Product/Service Catalog+2

Published: 2022-01-19 · Updated: 2022-01-26 · CVE-2022-22769

CVSS v3.1: 9.0 (Critical)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIBCO EBX versions 5.8.124 and below
TIBCO EBX versions 5.9.3 through 5.9.15
TIBCO EBX versions 6.0.0 through 6.0.3
TIBCO EBX Add-ons versions 3.20.18 and below
TIBCO EBX Add-ons versions 4.1.0 through 4.5.6
TIBCO EBX Add-ons versions 5.0.0 through 5.2.0
TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.1.0 and below

Description

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

Recommendations

For TIBCO EBX versions 5.8.124 and below, update to a version above 5.8.124.
For TIBCO EBX versions 5.9.3 through 5.9.15, update to a version above 5.9.15.
For TIBCO EBX versions 6.0.0 through 6.0.3, update to a version above 6.0.3.
For TIBCO EBX Add-ons versions 3.20.18 and below, update to a version above 3.20.18.
For TIBCO EBX Add-ons versions 4.1.0 through 4.5.6, update to a version above 4.5.6.
For TIBCO EBX Add-ons versions 5.0.0 through 5.2.0, update to a version above 5.2.0.
For TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.1.0 and below, update to a version above 1.1.0.

As a temporary workaround, consider restricting access to the Web server component until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-22769

Affected Products

Tibco Ebx
Tibco Ebx Add-Ons
Tibco Product/Service Catalog