TIBCO BusinessConnect Trading Community Management Reflected Cross Site
Scripting Vulnerability

  Original release date: May 18, 2022
  Last revised: ---
  Source: TIBCO Software Inc.


Products Affected

  TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below

  The following component is affected:

    * Web Server


Description

  The component listed above contains easily exploitable Reflected Cross Site
  Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with
  network access to execute scripts targeting the affected system or the
  victim's local system.


Impact

  Successful execution of this vulnerability can result in an attacker gaining
  partial access to the affected system and can result in unauthorized read,
  update, insert or delete access to a subset of resources.

  CVSS v3 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)


Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below:
    update to version 6.1.1 or later


References

  https://www.tibco.com/services/support/advisories
  CVE-2022-22777