TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: August 2, 2022 - TIBCO iWay Service Manager - CVE-2022-30571
TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS)
Original release date: August 2, 2022
Last revised: ---
Source: TIBCO Software Inc.
- TIBCO iWay Service Manager versions 8.0.6 and below
The following component is affected:
- iWay Service Manager Console
The component listed above contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system.
In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
CVSS v3.1 Base Score: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later