CVE-2022-30578

TIBCO EBX Add-ons Stored XSS vulnerability

Description

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below.

Remediation

Solution:

TIBCO has released updated versions of the affected components which address these issues. TIBCO EBX Add-ons versions 5.4.1 and below: update to version 5.4.2 or later

References

Link	Tags
https://www.tibco.com/services/support/advisories	vendor advisory
https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-september-21-2022-tibco-ebx-add-ons-cve-2022	vendor advisory
https://www.tibco.com/support/advisories/2022/09/tibco-security-advisory-sep-21-2022-ebx-add-ons-cve-2022-30578	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-30578?: CVE-2022-30578 has been scored as a high severity vulnerability.
How to fix CVE-2022-30578?: To fix CVE-2022-30578: TIBCO has released updated versions of the affected components which address these issues. TIBCO EBX Add-ons versions 5.4.1 and below: update to version 5.4.2 or later
Is CVE-2022-30578 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-30578 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-30578?: CVE-2022-30578 affects TIBCO Software Inc. TIBCO EBX Add-ons.

Description

Remediation

Category

CWE-79 – Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

References

Frequently Asked Questions