CVE-2019-17330

TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities

Description

The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.

Remediation

Solution:

TIBCO has released updated versions of the affected components which address these issues. TIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher

References

Link	Tags
http://www.tibco.com/services/support/advisories	issue tracking vendor advisory
https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2019-17330?: CVE-2019-17330 has been scored as a critical severity vulnerability.
How to fix CVE-2019-17330?: To fix CVE-2019-17330: TIBCO has released updated versions of the affected components which address these issues. TIBCO EBX versions 5.8.1.fixR and below update to version 5.8.1.fixS or higher TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6 update to version 5.9.7 or higher
Is CVE-2019-17330 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2019-17330 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2019-17330?: CVE-2019-17330 affects TIBCO Software Inc. TIBCO EBX.

Description

Remediation

Category

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions