TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: November 14, 2023 - TIBCO EBX - CVE-2023-26222
The following products are affected:
- TIBCO EBX versions 5.9.22 and below
- TIBCO EBX versions 6.0.13 and below
- TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below
The following component is affected:
- Web Application
The component listed above contains an easily exploitable vulnerability that allows a low-privileged attacker with network access to execute a stored cross-site scripting (XSS) attack on the affected system.
The impact of this vulnerability includes the theoretical possibility of an unauthorized ability to update, insert or delete TIBCO EBX® data.
CVSS v3.1 Base Score: 8.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO EBX versions 5.9.22 and below: update to version 5.9.23 or later
- TIBCO EBX versions 6.0.13 and below: update to version 6.0.14 or later
- TIBCO Product and Service Catalog powered by TIBCO EBX versions 5.0.0 and below: update to version 5.1.0 or later