CVE-2022-30577

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*

History

22 Sep 2022, 19:31

Type Values Removed Values Added
CPE cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*
First Time Tibco ebx
Tibco
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.0
References (CONFIRM) https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-21-2022-tibco-ebx-cve-2022-30577 - (CONFIRM) https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-21-2022-tibco-ebx-cve-2022-30577 - Vendor Advisory
References (CONFIRM) https://www.tibco.com/services/support/advisories - (CONFIRM) https://www.tibco.com/services/support/advisories - Vendor Advisory

21 Sep 2022, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-09-21 18:15

Updated : 2022-09-22 19:31


NVD link : CVE-2022-30577

Mitre link : CVE-2022-30577


JSON object : View

Products Affected

tibco

  • ebx
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')