Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for TIBCO BusinessConnect by TIBCO Software Inc.

    CVE-2023-26214 (GCVE-0-2023-26214)

    Vulnerability from nvd – Published: 2023-02-22 00:00 – Updated: 2025-03-12 16:02
    VLAI
    Title
    TIBCO BusinessConnect Reflected XSS Vulnerability
    Summary
    The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Affected: unspecified , ≤ 7.3.0 (custom)
    Create a notification for this product.
    Date Public
    2023-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T16:01:49.962180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T16:02:30.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-22T00:00:00.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "url": "https://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
            }
          ],
          "source": {
            "discovery": ""
          },
          "title": "TIBCO BusinessConnect Reflected XSS Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2023-26214",
        "datePublished": "2023-02-22T00:00:00.000Z",
        "dateReserved": "2023-02-20T00:00:00.000Z",
        "dateUpdated": "2025-03-12T16:02:30.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41567 (GCVE-0-2022-41567)

    Vulnerability from nvd – Published: 2023-02-22 00:00 – Updated: 2025-03-12 15:03
    VLAI
    Title
    TIBCO BusinessConnect Stored XSS Vulnerability
    Summary
    The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Affected: unspecified , ≤ 7.3.0 (custom)
    Create a notification for this product.
    Date Public
    2023-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:41.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:03:03.006804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:03:44.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-22T00:00:00.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "url": "https://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
            }
          ],
          "source": {
            "discovery": ""
          },
          "title": "TIBCO BusinessConnect Stored XSS Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-41567",
        "datePublished": "2023-02-22T00:00:00.000Z",
        "dateReserved": "2022-09-26T00:00:00.000Z",
        "dateUpdated": "2025-03-12T15:03:44.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26214 (GCVE-0-2023-26214)

    Vulnerability from cvelistv5 – Published: 2023-02-22 00:00 – Updated: 2025-03-12 16:02
    VLAI
    Title
    TIBCO BusinessConnect Reflected XSS Vulnerability
    Summary
    The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Affected: unspecified , ≤ 7.3.0 (custom)
    Create a notification for this product.
    Date Public
    2023-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:46:23.429Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26214",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T16:01:49.962180Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T16:02:30.926Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-22T00:00:00.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "url": "https://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
            }
          ],
          "source": {
            "discovery": ""
          },
          "title": "TIBCO BusinessConnect Reflected XSS Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2023-26214",
        "datePublished": "2023-02-22T00:00:00.000Z",
        "dateReserved": "2023-02-20T00:00:00.000Z",
        "dateUpdated": "2025-03-12T16:02:30.926Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-41567 (GCVE-0-2022-41567)

    Vulnerability from cvelistv5 – Published: 2023-02-22 00:00 – Updated: 2025-03-12 15:03
    VLAI
    Title
    TIBCO BusinessConnect Stored XSS Vulnerability
    Summary
    The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Affected: unspecified , ≤ 7.3.0 (custom)
    Create a notification for this product.
    Date Public
    2023-02-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:49:41.904Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-41567",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-12T15:03:03.006804Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-12T15:03:44.452Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "7.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-02-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-22T00:00:00.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "url": "https://www.tibco.com/services/support/advisories"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
            }
          ],
          "source": {
            "discovery": ""
          },
          "title": "TIBCO BusinessConnect Stored XSS Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-41567",
        "datePublished": "2023-02-22T00:00:00.000Z",
        "dateReserved": "2022-09-26T00:00:00.000Z",
        "dateUpdated": "2025-03-12T15:03:44.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }