Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-22769

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below.

Published

2022-01-19T20:15:07.507

Last Modified

2024-11-21T06:47:24.623

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.0 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tibco	ebx	< 5.8.125	Yes
Application	tibco	ebx	5.9.3	Yes
Application	tibco	ebx	5.9.4	Yes
Application	tibco	ebx	5.9.5	Yes
Application	tibco	ebx	5.9.6	Yes
Application	tibco	ebx	5.9.7	Yes
Application	tibco	ebx	5.9.8	Yes
Application	tibco	ebx	5.9.9	Yes
Application	tibco	ebx	5.9.10	Yes
Application	tibco	ebx	5.9.11	Yes
Application	tibco	ebx	5.9.12	Yes
Application	tibco	ebx	5.9.13	Yes
Application	tibco	ebx	5.9.14	Yes
Application	tibco	ebx	5.9.15	Yes
Application	tibco	ebx	6.0.0	Yes
Application	tibco	ebx	6.0.1	Yes
Application	tibco	ebx	6.0.2	Yes
Application	tibco	ebx	6.0.3	Yes
Application	tibco	ebx_add-ons	< 3.20.19	Yes
Application	tibco	ebx_add-ons	4.1.0	Yes
Application	tibco	ebx_add-ons	4.2.0	Yes
Application	tibco	ebx_add-ons	4.2.1	Yes
Application	tibco	ebx_add-ons	4.2.2	Yes
Application	tibco	ebx_add-ons	4.3.0	Yes
Application	tibco	ebx_add-ons	4.3.1	Yes
Application	tibco	ebx_add-ons	4.3.2	Yes
Application	tibco	ebx_add-ons	4.3.3	Yes
Application	tibco	ebx_add-ons	4.3.4	Yes
Application	tibco	ebx_add-ons	4.4.0	Yes
Application	tibco	ebx_add-ons	4.4.1	Yes
Application	tibco	ebx_add-ons	4.4.2	Yes
Application	tibco	ebx_add-ons	4.4.3	Yes
Application	tibco	ebx_add-ons	4.5.0	Yes
Application	tibco	ebx_add-ons	4.5.1	Yes
Application	tibco	ebx_add-ons	4.5.2	Yes
Application	tibco	ebx_add-ons	4.5.3	Yes
Application	tibco	ebx_add-ons	4.5.4	Yes
Application	tibco	ebx_add-ons	4.5.5	Yes
Application	tibco	ebx_add-ons	4.5.6	Yes
Application	tibco	ebx_add-ons	5.0.0	Yes
Application	tibco	ebx_add-ons	5.0.1	Yes
Application	tibco	ebx_add-ons	5.1.0	Yes
Application	tibco	ebx_add-ons	5.1.1	Yes
Application	tibco	ebx_add-ons	5.2.0	Yes
Application	tibco	product_and_service_catalog_powered_by_tibco_ebx	< 1.2.0	Yes

References

https://www.tibco.com/services/support/advisories Third Party Advisory ([email protected])
https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769 Third Party Advisory ([email protected])
https://www.tibco.com/services/support/advisories Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)