CVE-2021-35493

TIBCO WebFOCUS Cross Site Scripting vulnerabilities

CVSS 9 CRITICALEPSS 0.6%

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Sep 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products

TIBCO Software Inc. · TIBCO WebFOCUS Client TIBCO Software Inc. · TIBCO WebFOCUS Installer TIBCO Software Inc. · TIBCO WebFOCUS Reporting Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/09/tibco-security-advisory-september-14-2021-tibco-webfocus-2021-35493