TIBCO ActiveMatrix BPM Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
CVE-2019-11203

8.8HIGH

Key Information:

Vendor

Tibco
Status
Tibco Activematrix Bpm
Tibco Activematrix Bpm Distribution For Tibco Silver Fabric
Tibco Silver Fabric Enabler For Activematrix Bpm
Vendor
CVE Published:
24 April 2019

What is CVE-2019-11203?

The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TIBCO ActiveMatrix BPM <= 4.2.0

TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric <= 4.2.0

TIBCO Silver Fabric Enabler for ActiveMatrix BPM <= 1.4.1

References

http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/04/tibco-se...
x_refsource_MISC
http://www.securityfocus.com/bid/108057
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

TIBCO would like to extend its appreciation to Giulio Comi and Flavio Baldassi of Horizon Security for discovery of these vulnerabilities.
JSON
.