{"containers": {"cna": {"affected": [{"product": "TIBCO BPM Enterprise", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "4.3.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "4.3.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-01-26T00:00:00", "descriptions": [{"lang": "en", "value": "The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-26T18:15:13", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/services/support/advisories"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"}], "source": {"discovery": "USER"}, "title": "TIBCO BPM Cross Site Scripting (XSS)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2021-01-26T17:00:00Z", "ID": "CVE-2021-23272", "STATE": "PUBLIC", "TITLE": "TIBCO BPM Cross Site Scripting (XSS)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO BPM Enterprise", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.3.0"}]}}, {"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric", "version": {"version_data": [{"version_affected": "<=", "version_value": "4.3.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"}], "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T19:05:55.489Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2021-23272", "datePublished": "2021-01-26T18:15:13.846513Z", "dateReserved": "2021-01-08T00:00:00", "dateUpdated": "2024-09-16T17:38:34.192Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:bpm_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "9FB8FF05-E2A5-4E52-929A-75DD7D447741", "versionEndIncluding": "4.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:bpm_enterprise_distribution_for_silver_fabric:*:*:*:*:*:*:*:*", "matchCriteriaId": "D32DBEE5-D35B-42FD-8820-EFDA3DE77346", "versionEndIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."}, {"lang": "es", "value": "El componente Application Development Clients de TIBCO BPM Enterprise y TIBCO BPM Enterprise Distribution de TIBCO Software Inc. para TIBCO Silver Fabric contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante con poco privilegiado con acceso a la red ejecutar un ataque de tipo Cross Site Scripting (XSS) en el sistema afectado.&#xa0;Las versiones afectadas son TIBCO BPM Enterprise de TIBCO Software Inc.: versiones 4.3.0 y anteriores y TIBCO BPM Enterprise Distribution para TIBCO Silver Fabric: versiones 4.3.0 y anteriores"}], "id": "CVE-2021-23272", "lastModified": "2024-11-21T05:51:28.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 2.5, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-26T19:15:13.080", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}