TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: January 28, 2020 - TIBCO Patterns
- TIBCO Patterns - Search versions 5.4.0 and below
The following component is affected:
- user interface
The component listed above contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks.
The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component.
CVSS v3 Base Score: 7.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)
TIBCO has released updated versions of the affected systems which address these issues:
- TIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher