TIBCO BusinessConnect Reflected XSS Vulnerability
CVE-2023-26214

5.4MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Businessconnect
Vendor: CVE Published:; 22 February 2023

What is CVE-2023-26214?

The BusinessConnect UI component of TIBCO BusinessConnect is susceptible to reflected cross site scripting (XSS) vulnerabilities. These vulnerabilities can be easily exploited by low privileged attackers who possess network access, allowing them to execute potentially malicious scripts that target the affected system or the victim's local machine. Users on affected versions are advised to take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

TIBCO BusinessConnect <= 7.3.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2023
Vulnerability Reserved
Feb 20, 2023

Tibco

What is CVE-2023-26214?

Affected Version(s)

References

CVSS V3.1

Timeline