CVE-2020-27146
5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO iProcess Workspace (Browser) | unspecified <= 11.6.0 | affected |
Weaknesses
- Successful execution of this vulnerability can result in unauthorized read, update, insert or delete access to some of the data in the affected system.
ADP Enrichment
CVE Program Container
Additional References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2020/11/tibco-security-advisory-november-10-2020-tibco-iprocess-workspace
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2020/11/tibco-security-advisory-november-10-2020-tibco-iprocess-workspace
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.