Search criteria
8 vulnerabilities found for businessconnect by tibco
CVE-2023-26214 (GCVE-0-2023-26214)
Vulnerability from nvd – Published: 2023-02-22 00:00 – Updated: 2025-03-12 16:02
VLAI?
Title
TIBCO BusinessConnect Reflected XSS Vulnerability
Summary
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
Severity ?
7.3 (High)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect |
Affected:
unspecified , ≤ 7.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T16:01:49.962180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:02:30.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T00:00:00.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO BusinessConnect Reflected XSS Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-26214",
"datePublished": "2023-02-22T00:00:00.000Z",
"dateReserved": "2023-02-20T00:00:00.000Z",
"dateUpdated": "2025-03-12T16:02:30.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41567 (GCVE-0-2022-41567)
Vulnerability from nvd – Published: 2023-02-22 00:00 – Updated: 2025-03-12 15:03
VLAI?
Title
TIBCO BusinessConnect Stored XSS Vulnerability
Summary
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
Severity ?
7.3 (High)
CWE
- Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect |
Affected:
unspecified , ≤ 7.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:03:03.006804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:03:44.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T00:00:00.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO BusinessConnect Stored XSS Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41567",
"datePublished": "2023-02-22T00:00:00.000Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-03-12T15:03:44.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43050 (GCVE-0-2021-43050)
Vulnerability from nvd – Published: 2022-02-15 17:55 – Updated: 2024-09-17 00:06
VLAI?
Title
TIBCO BusinessConnect Container Edition administrative username and passwords leakage
Summary
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
Severity ?
8.4 (High)
CWE
- Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect Container Edition |
Affected:
unspecified , ≤ 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect Container Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T18:06:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-02-15T17:00:00Z",
"ID": "CVE-2021-43050",
"STATE": "PUBLIC",
"TITLE": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BusinessConnect Container Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-43050",
"datePublished": "2022-02-15T17:55:12.755729Z",
"dateReserved": "2021-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:06:19.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43049 (GCVE-0-2021-43049)
Vulnerability from nvd – Published: 2022-02-15 17:55 – Updated: 2024-09-17 01:40
VLAI?
Title
TIBCO BusinessConnect Container Edition username and password leakage
Summary
The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
Severity ?
9.8 (Critical)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect Container Edition |
Affected:
unspecified , ≤ 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect Container Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO BusinessConnect Container Edition username and password leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-02-15T17:00:00Z",
"ID": "CVE-2021-43049",
"STATE": "PUBLIC",
"TITLE": "TIBCO BusinessConnect Container Edition username and password leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BusinessConnect Container Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-43049",
"datePublished": "2022-02-15T17:55:11.326208Z",
"dateReserved": "2021-10-27T00:00:00",
"dateUpdated": "2024-09-17T01:40:32.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-26214 (GCVE-0-2023-26214)
Vulnerability from cvelistv5 – Published: 2023-02-22 00:00 – Updated: 2025-03-12 16:02
VLAI?
Title
TIBCO BusinessConnect Reflected XSS Vulnerability
Summary
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
Severity ?
7.3 (High)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect |
Affected:
unspecified , ≤ 7.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:46:23.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T16:01:49.962180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:02:30.926Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T00:00:00.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO BusinessConnect Reflected XSS Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2023-26214",
"datePublished": "2023-02-22T00:00:00.000Z",
"dateReserved": "2023-02-20T00:00:00.000Z",
"dateUpdated": "2025-03-12T16:02:30.926Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41567 (GCVE-0-2022-41567)
Vulnerability from cvelistv5 – Published: 2023-02-22 00:00 – Updated: 2025-03-12 15:03
VLAI?
Title
TIBCO BusinessConnect Stored XSS Vulnerability
Summary
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
Severity ?
7.3 (High)
CWE
- Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect |
Affected:
unspecified , ≤ 7.3.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:41.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41567",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T15:03:03.006804Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T15:03:44.452Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-02-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-22T00:00:00.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
}
],
"source": {
"discovery": ""
},
"title": "TIBCO BusinessConnect Stored XSS Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41567",
"datePublished": "2023-02-22T00:00:00.000Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-03-12T15:03:44.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43050 (GCVE-0-2021-43050)
Vulnerability from cvelistv5 – Published: 2022-02-15 17:55 – Updated: 2024-09-17 00:06
VLAI?
Title
TIBCO BusinessConnect Container Edition administrative username and passwords leakage
Summary
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
Severity ?
8.4 (High)
CWE
- Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect Container Edition |
Affected:
unspecified , ≤ 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect Container Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T18:06:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-02-15T17:00:00Z",
"ID": "CVE-2021-43050",
"STATE": "PUBLIC",
"TITLE": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BusinessConnect Container Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-43050",
"datePublished": "2022-02-15T17:55:12.755729Z",
"dateReserved": "2021-10-27T00:00:00",
"dateUpdated": "2024-09-17T00:06:19.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-43049 (GCVE-0-2021-43049)
Vulnerability from cvelistv5 – Published: 2022-02-15 17:55 – Updated: 2024-09-17 01:40
VLAI?
Title
TIBCO BusinessConnect Container Edition username and password leakage
Summary
The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
Severity ?
9.8 (Critical)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO BusinessConnect Container Edition |
Affected:
unspecified , ≤ 1.1.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:47:13.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO BusinessConnect Container Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "1.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-15T18:06:14",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO BusinessConnect Container Edition username and password leakage",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-02-15T17:00:00Z",
"ID": "CVE-2021-43049",
"STATE": "PUBLIC",
"TITLE": "TIBCO BusinessConnect Container Edition username and password leakage"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO BusinessConnect Container Edition",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-43049",
"datePublished": "2022-02-15T17:55:11.326208Z",
"dateReserved": "2021-10-27T00:00:00",
"dateUpdated": "2024-09-17T01:40:32.611Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}