{"containers": {"cna": {"affected": [{"product": "TIBCO EBX", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "5.8.1.fixR", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "5.9.3"}, {"status": "affected", "version": "5.9.4"}, {"status": "affected", "version": "5.9.5"}, {"status": "affected", "version": "5.9.6"}]}], "datePublic": "2019-11-12T00:00:00", "descriptions": [{"lang": "en", "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-12T19:15:56", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2019-11-12T17:00:00.000Z", "ID": "CVE-2019-17330", "STATE": "PUBLIC", "TITLE": "TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO EBX", "version": {"version_data": [{"version_affected": "<=", "version_value": "5.8.1.fixR"}, {"version_affected": "=", "version_value": "5.9.3"}, {"version_affected": "=", "version_value": "5.9.4"}, {"version_affected": "=", "version_value": "5.9.5"}, {"version_affected": "=", "version_value": "5.9.6"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330", "refsource": "MISC", "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:14.511Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-17330", "datePublished": "2019-11-12T19:15:56.379450Z", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2024-09-16T20:16:20.848Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", "matchCriteriaId": "364FD041-211A-4891-A946-1F3FD02681BE", "versionEndIncluding": "5.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.8.1:fixr:*:*:*:*:*:*", "matchCriteriaId": "79A6BA4E-72D4-4ED4-8415-23ED5D64DB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0D1197B-AC96-467F-A450-F259CEBDB235", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "A36F7E33-C880-4A41-AEB9-43EB9A076AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "AE7057CC-ECE4-4AB2-B180-15CC8025F764", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ebx:5.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "7306713C-5D57-4377-BA97-997F3F05847D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6."}, {"lang": "es", "value": "El componente servidor Web de TIBCO EBX de TIBCO Software Inc. contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenados, y usuarios no autenticados para realizar ataques de tipo cross-site scripting reflejados. Las versiones afectadas son TIBCO EBX de TIBCO Software Inc.: versiones hasta 5.8.1.fixR incluy\u00e9ndola, versiones 5.9.3, 5.9.4, 5.9.5 y 5.9.6."}], "id": "CVE-2019-17330", "lastModified": "2024-11-21T04:32:06.037", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@tibco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-12T20:15:12.107", "references": [{"source": "security@tibco.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}