PT-2022-15666 · Tibco Software · Tibco Bpm Enterprise, Tibco Bpm Enterprise Distribution For Tibco Silver Fabric
Published: 2022-05-17 · Updated: 2022-05-25
CVE-2022-22775
CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TIBCO BPM Enterprise versions 4.3.1 and below
TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below
Description
The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult-to-exploit Reflected Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities allow low-privileged attackers with network access to execute scripts targeting the affected system or the victim's local system.
Recommendations
For TIBCO BPM Enterprise versions 4.3.1 and below, update to a version above 4.3.1 to resolve the issue.
For TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below, update to a version above 4.3.1 to resolve the issue.
As a temporary workaround, consider restricting access to the Workspace client component to minimize the risk of exploitation.
Fix
XSS
Affected Products
Tibco Bpm Enterprise
Tibco Bpm Enterprise Distribution For Tibco Silver Fabric