TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: August 11, 2020 - TIBCO Silver Fabric
- TIBCO Silver Fabric versions 6.0.0 and below
The following component is affected:
The component listed above contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user.
The impact of this vulnerability includes the possibility that an attacker could steal the session tokens of the authenticated user, which would allow the attacker to hijack the session and perform whatever tasks the user has permission to execute.
CVSS v3 Base Score: 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO Silver Fabric versions 6.0.0 and below: update to version 6.0.1 or higher