TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities
CVE-2023-26218

8HIGH

Key Information:

Vendor: Tibco
Status: Tibco Nimbus
Vendor: CVE Published:; 29 September 2023

What is CVE-2023-26218?

The Web Client component of TIBCO Nimbus developed by TIBCO Software Inc. is susceptible to reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities enable an attacker, with low privileges, to exploit social engineering tactics aimed at deceiving a legitimate user with network access into executing malicious scripts. The attack hinges on the user’s interaction, as they must unknowingly activate the exploit, which can target both the compromised system and the victim's local environment. Affected versions include TIBCO Nimbus 10.6.0 and below. For further information, users are encouraged to refer to TIBCO's official support resources.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TIBCO Nimbus 0 <= 10.6.0

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 29, 2023
Vulnerability Reserved
Feb 20, 2023

JSON

Tibco

What is CVE-2023-26218?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.