CVE-2022-22769

Summary

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO EBXunspecified <= 5.8.124affected
TIBCO Software Inc.TIBCO EBX5.9.3affected
TIBCO Software Inc.TIBCO EBX5.9.4affected
TIBCO Software Inc.TIBCO EBX5.9.5affected
TIBCO Software Inc.TIBCO EBX5.9.6affected
TIBCO Software Inc.TIBCO EBX5.9.7affected
TIBCO Software Inc.TIBCO EBX5.9.8affected
TIBCO Software Inc.TIBCO EBX5.9.9affected
TIBCO Software Inc.TIBCO EBX5.9.10affected
TIBCO Software Inc.TIBCO EBX5.9.11affected
TIBCO Software Inc.TIBCO EBX5.9.12affected
TIBCO Software Inc.TIBCO EBX5.9.13affected
TIBCO Software Inc.TIBCO EBX5.9.14affected
TIBCO Software Inc.TIBCO EBX5.9.15affected
TIBCO Software Inc.TIBCO EBX6.0.0affected
TIBCO Software Inc.TIBCO EBX6.0.1affected
TIBCO Software Inc.TIBCO EBX6.0.2affected
TIBCO Software Inc.TIBCO EBX6.0.3affected
TIBCO Software Inc.TIBCO EBX Add-onsunspecified <= 3.20.18affected
TIBCO Software Inc.TIBCO EBX Add-ons4.1.0affected
TIBCO Software Inc.TIBCO EBX Add-ons4.2.0affected
TIBCO Software Inc.TIBCO EBX Add-ons4.2.1affected
TIBCO Software Inc.TIBCO EBX Add-ons4.2.2affected
TIBCO Software Inc.TIBCO EBX Add-ons4.3.0affected
TIBCO Software Inc.TIBCO EBX Add-ons4.3.1affected
TIBCO Software Inc.TIBCO EBX Add-ons4.3.2affected
TIBCO Software Inc.TIBCO EBX Add-ons4.3.3affected
TIBCO Software Inc.TIBCO EBX Add-ons4.3.4affected
TIBCO Software Inc.TIBCO EBX Add-ons4.4.0affected
TIBCO Software Inc.TIBCO EBX Add-ons4.4.1affected
TIBCO Software Inc.TIBCO EBX Add-ons4.4.2affected
TIBCO Software Inc.TIBCO EBX Add-ons4.4.3affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.0affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.1affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.2affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.3affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.4affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.5affected
TIBCO Software Inc.TIBCO EBX Add-ons4.5.6affected
TIBCO Software Inc.TIBCO EBX Add-ons5.0.0affected
TIBCO Software Inc.TIBCO EBX Add-ons5.0.1affected
TIBCO Software Inc.TIBCO EBX Add-ons5.1.0affected
TIBCO Software Inc.TIBCO EBX Add-ons5.1.1affected
TIBCO Software Inc.TIBCO EBX Add-ons5.2.0affected
TIBCO Software Inc.TIBCO Product and Service Catalog powered by TIBCO EBXunspecified <= 1.1.0affected

Weaknesses

  • In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.

ADP Enrichment

CVE Program Container

Additional References

References