Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for TIBCO BusinessConnect Trading Community Management by TIBCO Software Inc.

    CVE-2022-22778 (GCVE-0-2022-22778)

    Vulnerability from nvd – Published: 2022-05-18 17:00 – Updated: 2024-09-16 18:24
    VLAI
    Title
    TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Trading Community Management",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T17:06:16.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
            }
          ],
          "source": {
            "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
          },
          "title": "TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-05-18T17:00:00Z",
              "ID": "CVE-2022-22778",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Trading Community Management",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
              }
            ],
            "source": {
              "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22778",
        "datePublished": "2022-05-18T17:00:19.096Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:03.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22777 (GCVE-0-2022-22777)

    Vulnerability from nvd – Published: 2022-05-18 17:00 – Updated: 2024-09-16 16:49
    VLAI
    Title
    TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
    CWE
    • Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.
    Assigner
    References
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Trading Community Management",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T17:06:15.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
            }
          ],
          "source": {
            "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
          },
          "title": "TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-05-18T17:00:00Z",
              "ID": "CVE-2022-22777",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Trading Community Management",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
              }
            ],
            "source": {
              "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22777",
        "datePublished": "2022-05-18T17:00:17.717Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:49:14.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22776 (GCVE-0-2022-22776)

    Vulnerability from nvd – Published: 2022-05-18 17:00 – Updated: 2024-09-16 19:05
    VLAI
    Title
    TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.157Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Trading Community Management",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T17:06:17.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
            }
          ],
          "source": {
            "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
          },
          "title": "TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-05-18T17:00:00Z",
              "ID": "CVE-2022-22776",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Trading Community Management",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
              }
            ],
            "source": {
              "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22776",
        "datePublished": "2022-05-18T17:00:16.324Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:25.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22778 (GCVE-0-2022-22778)

    Vulnerability from cvelistv5 – Published: 2022-05-18 17:00 – Updated: 2024-09-16 18:24
    VLAI
    Title
    TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Trading Community Management",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T17:06:16.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
            }
          ],
          "source": {
            "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
          },
          "title": "TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-05-18T17:00:00Z",
              "ID": "CVE-2022-22778",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Trading Community Management",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
              }
            ],
            "source": {
              "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22778",
        "datePublished": "2022-05-18T17:00:19.096Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:24:03.196Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22777 (GCVE-0-2022-22777)

    Vulnerability from cvelistv5 – Published: 2022-05-18 17:00 – Updated: 2024-09-16 16:49
    VLAI
    Title
    TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
    CWE
    • Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.
    Assigner
    References
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Trading Community Management",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T17:06:15.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
            }
          ],
          "source": {
            "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
          },
          "title": "TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-05-18T17:00:00Z",
              "ID": "CVE-2022-22777",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Trading Community Management",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
              }
            ],
            "source": {
              "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22777",
        "datePublished": "2022-05-18T17:00:17.717Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:49:14.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-22776 (GCVE-0-2022-22776)

    Vulnerability from cvelistv5 – Published: 2022-05-18 17:00 – Updated: 2024-09-16 19:05
    VLAI
    Title
    TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability
    Summary
    The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Date Public
    2022-05-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T03:21:49.157Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Trading Community Management",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "6.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-05-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-05-18T17:06:17.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
            }
          ],
          "source": {
            "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
          },
          "title": "TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-05-18T17:00:00Z",
              "ID": "CVE-2022-22776",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Trading Community Management",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "6.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Web Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22776"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later"
              }
            ],
            "source": {
              "discovery": "Brett Casper / Wisconsin Physicians Service Insurance Corporation"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2022-22776",
        "datePublished": "2022-05-18T17:00:16.324Z",
        "dateReserved": "2022-01-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:05:25.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }