CVE-2019-17330
Vulnerability from cvelistv5
Published
2019-11-12 19:15
Modified
2024-09-16 20:16
Severity ?
EPSS score ?
Summary
TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@tibco.com | http://www.tibco.com/services/support/advisories | Issue Tracking, Vendor Advisory | |
| security@tibco.com | https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330 | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| TIBCO Software Inc. | TIBCO EBX |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO EBX",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.8.1.fixR",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "5.9.3"
},
{
"status": "affected",
"version": "5.9.4"
},
{
"status": "affected",
"version": "5.9.5"
},
{
"status": "affected",
"version": "5.9.6"
}
]
}
],
"datePublic": "2019-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web server component of TIBCO Software Inc.\u0027s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-12T19:15:56",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-11-12T17:00:00.000Z",
"ID": "CVE-2019-17330",
"STATE": "PUBLIC",
"TITLE": "TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO EBX",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "5.8.1.fixR"
},
{
"version_affected": "=",
"version_value": "5.9.3"
},
{
"version_affected": "=",
"version_value": "5.9.4"
},
{
"version_affected": "=",
"version_value": "5.9.5"
},
{
"version_affected": "=",
"version_value": "5.9.6"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web server component of TIBCO Software Inc.\u0027s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17330",
"datePublished": "2019-11-12T19:15:56.379450Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T20:16:20.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-17330\",\"sourceIdentifier\":\"security@tibco.com\",\"published\":\"2019-11-12T20:15:12.107\",\"lastModified\":\"2019-11-18T16:28:56.797\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Web server component of TIBCO Software Inc.\u0027s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.\"},{\"lang\":\"es\",\"value\":\"El componente servidor Web de TIBCO EBX de TIBCO Software Inc. contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenados, y usuarios no autenticados para realizar ataques de tipo cross-site scripting reflejados. Las versiones afectadas son TIBCO EBX de TIBCO Software Inc.: versiones hasta 5.8.1.fixR incluy\u00e9ndola, versiones 5.9.3, 5.9.4, 5.9.5 y 5.9.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0}],\"cvssMetricV30\":[{\"source\":\"security@tibco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.8.1\",\"matchCriteriaId\":\"364FD041-211A-4891-A946-1F3FD02681BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:ebx:5.8.1:fixr:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A6BA4E-72D4-4ED4-8415-23ED5D64DB44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:ebx:5.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0D1197B-AC96-467F-A450-F259CEBDB235\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:ebx:5.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A36F7E33-C880-4A41-AEB9-43EB9A076AD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:ebx:5.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7057CC-ECE4-4AB2-B180-15CC8025F764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:ebx:5.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7306713C-5D57-4377-BA97-997F3F05847D\"}]}]}],\"references\":[{\"url\":\"http://www.tibco.com/services/support/advisories\",\"source\":\"security@tibco.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.