TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability
CVE-2022-22775

8.1HIGH

Key Information:

Vendor: Tibco
Status: Tibco Bpm Enterprise; Tibco Bpm Enterprise Distribution For Tibco Silver Fabric
Vendor: CVE Published:; 17 May 2022

Summary

The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.

Affected Version(s)

TIBCO BPM Enterprise <= 4.3.1

TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric <= 4.3.1

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/05/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2022
Vulnerability Reserved
Jan 7, 2022