PT-2022-20179 · Tibco Software · Tibco Iway Service Manager
Published
2022-08-02
·
Updated
2022-08-09
·
CVE-2022-30571
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
TIBCO iWay Service Manager versions 8.0.6 and below
Description
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities. These vulnerabilities allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system.
Recommendations
For versions 8.0.6 and below, update to a version above 8.0.6 to resolve the issue. As a temporary workaround, consider restricting access to the iWay Service Manager Console component to minimize the risk of exploitation.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Iway Service Manager