CVE-2023-26218

Name of the Vulnerable Software and Affected Versions TIBCO Nimbus versions 10.6.0 and below

Description The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities. These vulnerabilities allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

Recommendations For versions 10.6.0 and below, consider disabling the Web Client component as a temporary workaround until a patch is available. Restrict access to the Web Client component to minimize the risk of exploitation. Avoid using the Web Client component for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.