CVE-2019-17330 - OpenCVE

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Ebx

Configuration 1 [-]

OR	cpe:2.3:a:tibco:ebx::::::::
	cpe:2.3:a:tibco:ebx:5.8.1:fixr::::::
	cpe:2.3:a:tibco:ebx:5.9.3:::::::*
	cpe:2.3:a:tibco:ebx:5.9.4:::::::*
	cpe:2.3:a:tibco:ebx:5.9.5:::::::*
	cpe:2.3:a:tibco:ebx:5.9.6:::::::*

No data.

References

Link	Providers
http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2019-11-12T19:15:56.379450Z

Updated: 2024-09-16T20:16:20.848Z

Reserved: 2019-10-07T00:00:00

Link: CVE-2019-17330

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-11-12T20:15:12.107

Modified: 2019-11-18T16:28:56.797

Link: CVE-2019-17330

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TIBCO EBX", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "5.8.1.fixR", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "5.9.3"}, {"status": "affected", "version": "5.9.4"}, {"status": "affected", "version": "5.9.5"}, {"status": "affected", "version": "5.9.6"}]}], "datePublic": "2019-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-12T19:15:56", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2019-11-12T17:00:00.000Z", "ID": "CVE-2019-17330", "STATE": "PUBLIC", "TITLE": "TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO EBX", "version": {"version_data": [{"version_affected": "<=", "version_value": "5.8.1.fixR"}, {"version_affected": "=", "version_value": "5.9.3"}, {"version_affected": "=", "version_value": "5.9.4"}, {"version_affected": "=", "version_value": "5.9.5"}, {"version_affected": "=", "version_value": "5.9.6"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330", "refsource": "MISC", "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:14.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-17330", "datePublished": "2019-11-12T19:15:56.379450Z", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2024-09-16T20:16:20.848Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", "matchCriteriaId": "364FD041-211A-4891-A946-1F3FD02681BE", "versionEndIncluding": "5.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.8.1:fixr:*:*:*:*:*:*", "matchCriteriaId": "79A6BA4E-72D4-4ED4-8415-23ED5D64DB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0D1197B-AC96-467F-A450-F259CEBDB235", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "A36F7E33-C880-4A41-AEB9-43EB9A076AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE7057CC-ECE4-4AB2-B180-15CC8025F764", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "7306713C-5D57-4377-BA97-997F3F05847D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."}, {"lang": "es", "value": "El componente servidor Web de TIBCO EBX de TIBCO Software Inc. contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenados, y usuarios no autenticados para realizar ataques de tipo cross-site scripting reflejados. Las versiones afectadas son TIBCO EBX de TIBCO Software Inc.: versiones hasta 5.8.1.fixR incluy\u00e9ndola, versiones 5.9.3, 5.9.4, 5.9.5 y 5.9.6."}], "id": "CVE-2019-17330", "lastModified": "2019-11-18T16:28:56.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@tibco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-12T20:15:12.107", "references": [{"source": "security@tibco.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}