First published: Tue Nov 16 2021
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO PartnerExpress | <=6.2.1 | |
TIBCO has released updated versions of the affected components which address these issues. For TIBCO PartnerExpress versions 6.2.1 and below, update to version 6.2.2 or later.
CVE-2021-43047 is a vulnerability in TIBCO PartnerExpress that allows for stored and reflected Cross Site Scripting (XSS) attacks.
CVE-2021-43047 has a severity value of 9, which is considered critical.
CVE-2021-43047 affects TIBCO PartnerExpress up to version 6.2.1.
Cross Site Scripting (XSS) is an attack that allows an attacker to inject malicious scripts into web pages viewed by users.
An attacker can exploit CVE-2021-43047 by social engineering a legitimate user with network access into executing scripts.