Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-23272
PUBLISHED
More InfoOfficial Page
Assigner-tibco
Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db
View Known Exploited Vulnerability (KEV) details
Published At-26 Jan, 2021 | 18:15
Updated At-16 Sep, 2024 | 17:38
Rejected At-
▼CVE Numbering Authority (CNA)
TIBCO BPM Cross Site Scripting (XSS)

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.

Affected Products
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO BPM Enterprise
Versions
Affected
  • From unspecified through 4.3.0 (custom)
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric
Versions
Affected
  • From unspecified through 4.3.0 (custom)
Problem Types
TypeCWE IDDescription
textN/ASuccessful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.
Type: text
CWE ID: N/A
Description: Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.
Metrics
VersionBase scoreBase severityVector
3.14.6MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.6
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

TIBCO has released updated versions of the affected components which address these issues. TIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_CONFIRM
Hyperlink: http://www.tibco.com/services/support/advisories
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.tibco.com/services/support/advisories
Resource:
x_refsource_CONFIRM
x_transferred
Details not found