The following components are affected:
The tibbr components listed above contain SAML protocol handling errors that may allow authorized users to impersonate other users and thereby escalate their access privileges.
For already authorized users, the impact of this vulnerability includes the theoretical escalation of privileges to those of any other user.
CVSS v3 Base Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
For tibbr Community
For tibbr Enterprise