cvelist/2021/23xxx/CVE-2021-23272.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@tibco.com",
        "DATE_PUBLIC": "2021-01-26T17:00:00Z",
        "ID": "CVE-2021-23272",
        "STATE": "PUBLIC",
        "TITLE": "TIBCO BPM Cross Site Scripting (XSS)"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "TIBCO BPM Enterprise",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "4.3.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "4.3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system."
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "http://www.tibco.com/services/support/advisories",
                "refsource": "CONFIRM",
                "url": "http://www.tibco.com/services/support/advisories"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"
        }
    ],
    "source": {
        "discovery": "USER"
    }
}
"-Synchronized-Data." 2021-01-08 22:01:46 +00:00			`{`
"-Synchronized-Data." 2021-01-26 19:06:16 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "security@tibco.com",`
			`"DATE_PUBLIC": "2021-01-26T17:00:00Z",`
			`"ID": "CVE-2021-23272",`
			`"STATE": "PUBLIC",`
			`"TITLE": "TIBCO BPM Cross Site Scripting (XSS)"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "TIBCO BPM Enterprise",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "4.3.0"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"product_name": "TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<=",`
			`"version_value": "4.3.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "TIBCO Software Inc."`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
			"value": "The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below."
			`}`
			`]`
			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "LOW",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 4.6,`
			`"baseSeverity": "MEDIUM",`
			`"confidentialityImpact": "LOW",`
			`"integrityImpact": "LOW",`
			`"privilegesRequired": "LOW",`
			`"scope": "UNCHANGED",`
			`"userInteraction": "REQUIRED",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",`
			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Successful execution of this vulnerability can result in unauthorized read access, as well as unauthorized update, insert or delete access to a subset of AMX-BPM data on the affected system."`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "http://www.tibco.com/services/support/advisories",`
			`"refsource": "CONFIRM",`
			`"url": "http://www.tibco.com/services/support/advisories"`
			`}`
			`]`
			`},`
			`"solution": [`
			`{`
			`"lang": "eng",`
			`"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BPM Enterprise versions 4.3.0 and below update to version 4.3.1 or higher\nTIBCO BPM Enterprise Distribution for TIBCO Silver Fabric versions 4.3.0 and below update to version 4.3.1 or higher"`
			`}`
			`],`
			`"source": {`
			`"discovery": "USER"`
			`}`
			`}`