CVE-2023-26222

Summary

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO EBX0 <= 5.9.22affected
TIBCO Software Inc.TIBCO EBX0 <= 6.0.13affected
TIBCO Software Inc.TIBCO Product and Service Catalog powered by TIBCO EBX0 <= 5.0.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility resulting in unauthorized ability to update, insert or delete TIBCO EBX® data.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References