Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2022-22777
PUBLISHED
More InfoOfficial Page
Assigner-tibco
Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db
View Known Exploited Vulnerability (KEV) details
Published At-18 May, 2022 | 17:00
Updated At-16 Sep, 2024 | 16:49
Rejected At-
▼CVE Numbering Authority (CNA)
TIBCO BusinessConnect Trading Community Management Reflected Cross Site Scripting Vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

Affected Products
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO BusinessConnect Trading Community Management
Versions
Affected
  • From unspecified through 6.1.0 (custom)
Problem Types
TypeCWE IDDescription
textN/ASuccessful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.
Type: text
CWE ID: N/A
Description: Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.
Metrics
VersionBase scoreBase severityVector
3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

TIBCO has released updated versions of the affected components which address these issues. TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.tibco.com/services/support/advisories
x_refsource_CONFIRM
https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777
x_refsource_CONFIRM
Hyperlink: https://www.tibco.com/services/support/advisories
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.tibco.com/services/support/advisories
x_refsource_CONFIRM
x_transferred
https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.tibco.com/services/support/advisories
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22777
Resource:
x_refsource_CONFIRM
x_transferred
Details not found