TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities Original release date: January 28, 2020 Last revised: --- Source: TIBCO Software Inc. Systems Affected TIBCO Patterns - Search versions 5.4.0 and below The following component is affected: * user interface Description The component listed above contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Impact The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component. CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N) Solution TIBCO has released updated versions of the affected systems which address these issues: TIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher References http://www.tibco.com/services/support/advisories CVE-2019-17338