TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: May 18, 2022 - TIBCO BusinessConnect Trading Community Management - CVE-2022-22778
The following system is affected:
- TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below
The following component is affected:
- Web Server
The component listed above contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.
In the worst case, if the victim is a privileged administrator, successful exploitation of this vulnerability can result in an attacker gaining full administrative access to the affected system.
CVSS v3 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later