What is CVE-2021-28827?

CVE-2021-28827 is a vulnerability in TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition that allows remote attackers to execute arbitrary code.

How severe is CVE-2021-28827?

CVE-2021-28827 has a severity score of 9.6 (critical).

Which software versions are affected by CVE-2021-28827?

TIBCO Administrator versions up to and including 5.10.2 and TIBCO Runtime Agent versions up to and including 5.10.2 are affected by CVE-2021-28827.

How can I fix CVE-2021-28827?

To fix CVE-2021-28827, it is recommended to upgrade to a version of TIBCO Administrator and TIBCO Runtime Agent that is higher than 5.10.2.

Where can I find more information about CVE-2021-28827?

You can find more information about CVE-2021-28827 on the TIBCO Software Inc. support website and the TIBCO security advisory page.

Vulnerability/
CVE-2021-28827

critical

9.6

CWE

20/4/2021

3/8/2024

CVE-2021-28827: TIBCO Administrator Stored Cross Site Scripting vulnerability

First published: Tue Apr 20 2021(Updated: )

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1.

Credit: security@tibco.com

Affected Software	Affected Version	How to fix
Tibco Administrator	<=5.10.2
Tibco Administrator	<=5.10.2
Tibco Administrator	<=5.10.2
Tibco Administrator	=5.11.0
Tibco Administrator	=5.11.0
Tibco Administrator	=5.11.0
Tibco Administrator	=5.11.1
Tibco Administrator	=5.11.1
Tibco Administrator	=5.11.1
Tibco Runtime Agent	<=5.10.2
Tibco Runtime Agent	<=5.10.2
Tibco Runtime Agent	=5.11.0
Tibco Runtime Agent	=5.11.0
Tibco Runtime Agent	=5.11.1
Tibco Runtime Agent	=5.11.1

Remedy

TIBCO has released updated versions of the affected components which address these issues. TIBCO Administrator - Enterprise Edition versions 5.10.2 and below update to version 5.10.3 or higher TIBCO Administrator - Enterprise Edition versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.10.2 and below update to version 5.10.3 or higher TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher TIBCO Administrator - Enterprise Edition for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher TIBCO Administrator - Enterprise Edition for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher TIBCO Runtime Agent versions 5.10.2 and below update to version 5.10.3 or higher TIBCO Runtime Agent versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher TIBCO Runtime Agent for z/Linux versions 5.10.2 and below update to version 5.10.3 or higher TIBCO Runtime Agent for z/Linux versions 5.11.0 and 5.11.1 update to version 5.11.2 or higher

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-28827?
CVE-2021-28827 is a vulnerability in TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition that allows remote attackers to execute arbitrary code.
How severe is CVE-2021-28827?
CVE-2021-28827 has a severity score of 9.6 (critical).
Which software versions are affected by CVE-2021-28827?
TIBCO Administrator versions up to and including 5.10.2 and TIBCO Runtime Agent versions up to and including 5.10.2 are affected by CVE-2021-28827.
How can I fix CVE-2021-28827?
To fix CVE-2021-28827, it is recommended to upgrade to a version of TIBCO Administrator and TIBCO Runtime Agent that is higher than 5.10.2.
Where can I find more information about CVE-2021-28827?
You can find more information about CVE-2021-28827 on the TIBCO Software Inc. support website and the TIBCO security advisory page.

collector/nvd-index
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/title
agent/severity
agent/author
agent/remedy
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/tibco
canonical/tibco administrator
version/tibco administrator/5.10.2
version/tibco administrator/5.11.0
version/tibco administrator/5.11.1
canonical/tibco runtime agent
version/tibco runtime agent/5.10.2
version/tibco runtime agent/5.11.0
version/tibco runtime agent/5.11.1