CVE-2022-41567

Summary

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO BusinessConnectunspecified <= 7.3.0affected

Weaknesses

  • Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References