PT-2023-13991 · Tibco Software · Tibco Product/Service Catalog+1
Published: 2023-02-22 · Updated: 2023-03-02 · CVE-2022-41565
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TIBCO EBX versions 5.9.21 and below
TIBCO EBX versions 6.0.11 and below
TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.2.0 and below
Description
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that allows a low-privileged attacker with network access to carry out a stored cross-site scripting (XSS) attack on the affected system.
Recommendations
For TIBCO EBX versions 5.9.21 and below, update to a version above 5.9.21 to resolve the issue.
For TIBCO EBX versions 6.0.11 and below, update to a version above 6.0.11 to resolve the issue.
For TIBCO Product and Service Catalog powered by TIBCO EBX versions 1.2.0 and below, update to a version above 1.2.0 to resolve the issue.
As a temporary workaround, consider disabling the Web Application component until a patch is available.
Restrict access to the Web Application component to minimize the risk of exploitation.
Fix
XSS
Affected Products
Tibco Ebx
Tibco Product/Service Catalog