TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability
CVE-2022-22778

8.8HIGH

Key Information:

Vendor: Tibco
Status: Tibco Businessconnect Trading Community Management
Vendor: CVE Published:; 18 May 2022

Summary

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

Affected Version(s)

TIBCO BusinessConnect Trading Community Management <= 6.1.0

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/05/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 18, 2022
Vulnerability Reserved
Jan 7, 2022