PT-2023-20550 · Tibco Software · Tibco Product/Service Catalog+1
Published: 2023-11-14 · Updated: 2023-11-21 · CVE-2023-26222
CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
TIBCO EBX versions 5.9.22 and below
TIBCO EBX versions 6.0.13 and below
TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below
Description
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that allows a low-privileged attacker with network access to execute a stored XSS attack on the affected system.
Recommendations
For TIBCO EBX versions 5.9.22 and below, update to a version above 5.9.22 to resolve the issue.
For TIBCO EBX versions 6.0.13 and below, update to a version above 6.0.13 to resolve the issue.
For TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below, update to a version above 5.0.0 to resolve the issue.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Ebx
Tibco Product/Service Catalog