What software is affected by CVE-2021-23272?

TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions up to and including 4.3.0 are affected by CVE-2021-23272.

What is the severity of CVE-2021-23272?

CVE-2021-23272 has a severity score of 5.4 (medium).

How can an attacker exploit CVE-2021-23272?

An attacker with low privilege and network access can exploit CVE-2021-23272 to execute a Cross Site Scripting (XSS) attack.

Is there a fix for CVE-2021-23272?

There is currently no known fix for CVE-2021-23272. It is recommended to follow the vendor's advisory and take necessary precautions to mitigate the risk.

Vulnerability/
CVE-2021-23272

medium

5.4

CWE

26/1/2021

16/9/2024

CVE-2021-23272: TIBCO BPM Cross Site Scripting (XSS)

Q: What is CVE-2021-23272?

CVE-2021-23272 is a vulnerability in the Application Development Clients component of TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric that allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack.

First published: Tue Jan 26 2021(Updated: )

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.

Credit: security@tibco.com

Affected Software	Affected Version	How to fix
TIBCO BPM Enterprise	<=4.3.0
Tibco Bpm Enterprise Distribution For Silver Fabric	<=4.3.0

Remedy

TIBCO has released updated versions of the affected components which address these issues. TIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher

Never miss a vulnerability like this again

Reference Links

http://www.tibco.com/services/support/advisories

Frequently Asked Questions

What is CVE-2021-23272?
CVE-2021-23272 is a vulnerability in the Application Development Clients component of TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric that allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack.
What software is affected by CVE-2021-23272?
TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions up to and including 4.3.0 are affected by CVE-2021-23272.
What is the severity of CVE-2021-23272?
CVE-2021-23272 has a severity score of 5.4 (medium).
How can an attacker exploit CVE-2021-23272?
An attacker with low privilege and network access can exploit CVE-2021-23272 to execute a Cross Site Scripting (XSS) attack.
Is there a fix for CVE-2021-23272?
There is currently no known fix for CVE-2021-23272. It is recommended to follow the vendor's advisory and take necessary precautions to mitigate the risk.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/references
agent/last-modified-date
agent/weakness
agent/author
agent/tags
agent/description
agent/first-publish-date
agent/title
agent/event
vendor/tibco
canonical/tibco bpm enterprise
version/tibco bpm enterprise/4.3.0
canonical/tibco bpm enterprise distribution for silver fabric
version/tibco bpm enterprise distribution for silver fabric/4.3.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.