TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities
CVE-2023-26218

8HIGH

Key Information:

Vendor: Tibco
Status: Tibco Nimbus
Vendor: CVE Published:; 29 September 2023

Summary

The Web Client component of TIBCO Nimbus developed by TIBCO Software Inc. is susceptible to reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities enable an attacker, with low privileges, to exploit social engineering tactics aimed at deceiving a legitimate user with network access into executing malicious scripts. The attack hinges on the user’s interaction, as they must unknowingly activate the exploit, which can target both the compromised system and the victim's local environment. Affected versions include TIBCO Nimbus 10.6.0 and below. For further information, users are encouraged to refer to TIBCO's official support resources.

Affected Version(s)

TIBCO Nimbus 0 <= 10.6.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2023
Vulnerability Reserved
Feb 20, 2023