First published: Tue Jan 26 2021
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO BPM Enterprise | <=4.3.0 | |
TIBCO BPM Enterprise Distribution for Silver Fabric | <=4.3.0 | |
CVE-2021-23272 is a vulnerability in the Application Development Clients component of TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric that allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack.
TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions up to and including 4.3.0 are affected by CVE-2021-23272.
CVE-2021-23272 has a severity score of 5.4 (medium).
An attacker with low privilege and network access can exploit CVE-2021-23272 to execute a Cross Site Scripting (XSS) attack.
There is currently no known fix for CVE-2021-23272. It is recommended to follow the vendor's advisory and take necessary precautions to mitigate the risk.