Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric by TIBCO Software Inc.
CVE-2022-22775 (GCVE-0-2022-22775)
Vulnerability from nvd – Published: 2022-05-17 17:30 – Updated: 2024-09-17 03:37
VLAI?
Title
TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability
Summary
The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.
Severity ?
8.1 (High)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BPM Enterprise |
Affected:
unspecified , ≤ 4.3.1
(custom)
|
|||||||
|
|||||||||
Date Public ?
2022-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BPM Enterprise",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Workspace client component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T18:06:11.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.1 and below: update to version 4.3.2 or later\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below: update to version 4.3.2 or later"
}
],
"source": {
"discovery": "ING Bank N.V."
},
"title": "TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22775",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BPM Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.1"
}
]
}
},
{
"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Workspace client component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.1 and below: update to version 4.3.2 or later\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below: update to version 4.3.2 or later"
}
],
"source": {
"discovery": "ING Bank N.V."
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22775",
"datePublished": "2022-05-17T17:30:14.875Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:44.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23272 (GCVE-0-2021-23272)
Vulnerability from nvd – Published: 2021-01-26 18:15 – Updated: 2024-09-16 17:38
VLAI?
Title
TIBCO BPM Cross Site Scripting (XSS)
Summary
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.
Severity ?
4.6 (Medium)
CWE
- Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BPM Enterprise |
Affected:
unspecified , ≤ 4.3.0
(custom)
|
|||||||
|
|||||||||
Date Public ?
2021-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BPM Enterprise",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Application Development Clients component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T18:15:13.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO BPM Cross Site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-01-26T17:00:00Z",
"ID": "CVE-2021-23272",
"STATE": "PUBLIC",
"TITLE": "TIBCO BPM Cross Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BPM Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.0"
}
]
}
},
{
"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Application Development Clients component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23272",
"datePublished": "2021-01-26T18:15:13.846Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:38:34.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22775 (GCVE-0-2022-22775)
Vulnerability from cvelistv5 – Published: 2022-05-17 17:30 – Updated: 2024-09-17 03:37
VLAI?
Title
TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability
Summary
The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.
Severity ?
8.1 (High)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BPM Enterprise |
Affected:
unspecified , ≤ 4.3.1
(custom)
|
|||||||
|
|||||||||
Date Public ?
2022-05-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BPM Enterprise",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-05-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Workspace client component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-17T18:06:11.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.1 and below: update to version 4.3.2 or later\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below: update to version 4.3.2 or later"
}
],
"source": {
"discovery": "ING Bank N.V."
},
"title": "TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-05-17T17:00:00Z",
"ID": "CVE-2022-22775",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BPM Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.1"
}
]
}
},
{
"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Workspace client component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-17-2022-tibco-activematrix-bpm-cve-2022-22775"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.1 and below: update to version 4.3.2 or later\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.1 and below: update to version 4.3.2 or later"
}
],
"source": {
"discovery": "ING Bank N.V."
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22775",
"datePublished": "2022-05-17T17:30:14.875Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:37:44.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23272 (GCVE-0-2021-23272)
Vulnerability from cvelistv5 – Published: 2021-01-26 18:15 – Updated: 2024-09-16 17:38
VLAI?
Title
TIBCO BPM Cross Site Scripting (XSS)
Summary
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.
Severity ?
4.6 (Medium)
CWE
- Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BPM Enterprise |
Affected:
unspecified , ≤ 4.3.0
(custom)
|
|||||||
|
|||||||||
Date Public ?
2021-01-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BPM Enterprise",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Application Development Clients component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-26T18:15:13.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO BPM Cross Site Scripting (XSS)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-01-26T17:00:00Z",
"ID": "CVE-2021-23272",
"STATE": "PUBLIC",
"TITLE": "TIBCO BPM Cross Site Scripting (XSS)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BPM Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.0"
}
]
}
},
{
"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.3.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Application Development Clients component of TIBCO Software Inc.\u0027s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23272",
"datePublished": "2021-01-26T18:15:13.846Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:38:34.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}