CVE-2022-22769
Published Jan 19, 2022
Last updated 3 years ago
Overview
- Description: The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below.
- Source: security@tibco.com
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity: CRITICAL
CVSS 2.0
- Type: Primary
- Base score: 6
- Impact score: 6.4
- Exploitability score: 6.8
- Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-79
Configurations