CVE-2022-22778

TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability

Description

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

Remediation

Solution:

TIBCO has released updated versions of the affected components which address these issues. TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later

References

Link	Tags
https://www.tibco.com/services/support/advisories	vendor advisory
https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-18-2022-tibco-bctcm-cve-2022-22778	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-22778?: CVE-2022-22778 has been scored as a high severity vulnerability.
How to fix CVE-2022-22778?: To fix CVE-2022-22778: TIBCO has released updated versions of the affected components which address these issues. TIBCO BusinessConnect Trading Community Management versions 6.1.0 and below: update to version 6.1.1 or later
Is CVE-2022-22778 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-22778 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-22778?: CVE-2022-22778 affects TIBCO Software Inc. TIBCO BusinessConnect Trading Community Management.

Description

Remediation

Category

CWE-352 – Cross-Site Request Forgery (CSRF)

References

Frequently Asked Questions