TIBCO iProcess Workspace Browser CSRF

  Original release date: November 10, 2020
  Last revised: ---
  Source: TIBCO Software Inc.


Systems Affected

  TIBCO iProcess Workspace (Browser) versions 11.6.0 and below

  The following component is affected:

    * Core


Description

  The component listed above contains a vulnerability that theoretically allows
  an unauthenticated attacker with network access to execute a Cross Site
  Request Forgery (CSRF) attack on the affected system. A successful attack
  using this vulnerability requires human interaction from an authenticated user
  other than the attacker.


Impact

  Successful execution of this vulnerability can result in unauthorized read,
  update, insert or delete access to some of the data in the affected system.

  CVSS v3 Base Score: 5.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)


Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to
    version 11.8.0 or higher


References

  http://www.tibco.com/services/support/advisories
  CVE-2020-27146