CVE-2020-27146

TIBCO iProcess Workspace Browser CSRF

Description

The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.

Remediation

Solution:

TIBCO has released updated versions of the affected components which address these issues. TIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to version 11.8.0 or higher

References

Link	Tags
http://www.tibco.com/services/support/advisories	vendor advisory
https://www.tibco.com/support/advisories/2020/11/tibco-security-advisory-november-10-2020-tibco-iprocess-workspace	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2020-27146?: CVE-2020-27146 has been scored as a medium severity vulnerability.
How to fix CVE-2020-27146?: To fix CVE-2020-27146: TIBCO has released updated versions of the affected components which address these issues. TIBCO iProcess Workspace (Browser) versions 11.6.0 and below update to version 11.8.0 or higher
Is CVE-2020-27146 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2020-27146 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-27146?: CVE-2020-27146 affects TIBCO Software Inc. TIBCO iProcess Workspace (Browser).

Description

Remediation

Category

CWE-352 – Cross-Site Request Forgery (CSRF)

References

Frequently Asked Questions