TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities
CVE-2023-26218

8 HIGH

Key Information:

Vendor: Tibco
CVE Published: 29 September 2023

Summary

The Web Client component of TIBCO Nimbus, developed by TIBCO Software Inc., contains reflected cross-site scripting (XSS) vulnerabilities. A low-privileged attacker can use social engineering to trick a legitimate user with network access into executing malicious scripts. The attack depends on user interaction: the victim must unknowingly trigger the exploit, which can target both the affected system and the victim's local environment. Affected versions are TIBCO Nimbus 10.6.0 and below. For further information, refer to TIBCO's official support resources.

Affected Version(s)

TIBCO Nimbus 0 <= 10.6.0

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
