TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: May 18, 2022 - TIBCO BusinessConnect Trading Community Management - CVE-2022-22776
The following product is affected:
- TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below
The following component is affected:
- Web Server
The component listed above contains easily exploitable vulnerabilities that allow a low-privileged attacker with network access to execute Stored Cross-Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker.
In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
CVSS v3 Base Score: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later