TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: February 22, 2023 - TIBCO EBX Add-ons - CVE-2022-41566
TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability
Original release date: February 22, 2023
Last revised: ---
Source: TIBCO Software Inc.
TIBCO EBX Add-ons versions 5.6.0 and below
The following component is affected:
The component listed above contains an easily exploitable vulnerability that allows a low-privileged attacker with network access to execute stored XSS on the affected system.
The impact of this vulnerability includes the theoretical possibility of unauthorized access to TIBCO EBX® Add-ons data. This includes the ability to update, insert, or delete data.
CVSS v3.1 Base Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO EBX Add-ons versions 5.6.0 and below: update to version 5.6.1 or later