TIBCO ActiveMatrix BPM Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
CVE-2019-11203

8.8HIGH

Key Information:

Vendor: Tibco
Status: Tibco Activematrix Bpm; Tibco Activematrix Bpm Distribution For Tibco Silver Fabric; Tibco Silver Fabric Enabler For Activematrix Bpm
Vendor: CVE Published:; 24 April 2019

Summary

The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Affected Version(s)

TIBCO ActiveMatrix BPM <= 4.2.0

TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric <= 4.2.0

TIBCO Silver Fabric Enabler for ActiveMatrix BPM <= 1.4.1

References

http://www.tibco.com/services/support/advisories

x_refsource_MISC

https://www.tibco.com/support/advisories/2019/04/tibco-se...

x_refsource_MISC

http://www.securityfocus.com/bid/108057

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 24, 2019
Vulnerability Reserved
Apr 12, 2019

Collectors

NVD DatabaseMitre Database

Credit

TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities.