Search
Find a vulnerability
Search criteria
2 vulnerabilities found for TIBCO BPM Enterprise by TIBCO Software Inc
CVE-2025-2261 (GCVE-0-2025-2261)
Vulnerability from nvd – Published: 2025-05-21 18:29 – Updated: 2025-05-21 19:47
VLAI
Title
TIBCO BPM Enterprise XSS Vulnerability
Summary
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc | TIBCO BPM Enterprise |
Affected:
4.3 , < 4
(Patch)
|
Date Public
2025-05-13 16:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:46:54.302333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:47:10.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"TIBCO ActiveMatrix Administrator"
],
"product": "TIBCO BPM Enterprise",
"vendor": "TIBCO Software Inc",
"versions": [
{
"lessThan": "4",
"status": "affected",
"version": "4.3",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-05-13T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user\u0027s browser under the privileges of the web application.\u0026nbsp;"
}
],
"value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user\u0027s browser under the privileges of the web application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T18:29:53.820Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-bpm-enterprise-cve-2025-2261-r220/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO BPM Enterprise XSS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2025-2261",
"datePublished": "2025-05-21T18:29:53.820Z",
"dateReserved": "2025-03-12T17:33:24.449Z",
"dateUpdated": "2025-05-21T19:47:10.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2261 (GCVE-0-2025-2261)
Vulnerability from cvelistv5 – Published: 2025-05-21 18:29 – Updated: 2025-05-21 19:47
VLAI
Title
TIBCO BPM Enterprise XSS Vulnerability
Summary
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc | TIBCO BPM Enterprise |
Affected:
4.3 , < 4
(Patch)
|
Date Public
2025-05-13 16:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2261",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T19:46:54.302333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T19:47:10.121Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"TIBCO ActiveMatrix Administrator"
],
"product": "TIBCO BPM Enterprise",
"vendor": "TIBCO Software Inc",
"versions": [
{
"lessThan": "4",
"status": "affected",
"version": "4.3",
"versionType": "Patch"
}
]
}
],
"datePublic": "2025-05-13T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user\u0027s browser under the privileges of the web application.\u0026nbsp;"
}
],
"value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user\u0027s browser under the privileges of the web application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T18:29:53.820Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-bpm-enterprise-cve-2025-2261-r220/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO BPM Enterprise XSS Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2025-2261",
"datePublished": "2025-05-21T18:29:53.820Z",
"dateReserved": "2025-03-12T17:33:24.449Z",
"dateUpdated": "2025-05-21T19:47:10.121Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}