{
    "CVE_data_meta": {
        "ASSIGNER": "security@tibco.com",
        "DATE_PUBLIC": "2022-01-19T17:00:00Z",
        "ID": "CVE-2022-22769",
        "STATE": "PUBLIC",
        "TITLE": "TIBCO EBX vulnerabilities"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "TIBCO EBX",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "5.8.124"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO EBX",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.3"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.4"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.5"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.6"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.7"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.8"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.9"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.10"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.11"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.12"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.13"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.14"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.9.15"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO EBX",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "6.0.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "6.0.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "6.0.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "6.0.3"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO EBX Add-ons",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "3.20.18"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO EBX Add-ons",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.1.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.2.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.2.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.2.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.3.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.3.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.3.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.3.3"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.3.4"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.4.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.4.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.4.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.4.3"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.2"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.3"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.4"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.5"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "4.5.6"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO EBX Add-ons",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.0.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.0.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.1.0"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.1.1"
                                        },
                                        {
                                            "version_affected": "=",
                                            "version_value": "5.2.0"
                                        }
                                    ]
                                }
                            },
                            {
                                "product_name": "TIBCO Product and Service Catalog powered by TIBCO EBX",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "1.1.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.tibco.com/services/support/advisories",
                "refsource": "CONFIRM",
                "url": "https://www.tibco.com/services/support/advisories"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769",
                "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX versions 5.8.124 and below update to version 5.8.125 or later\nTIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15 update to version 5.9.16 or later\nTIBCO EBX versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3 update to version 6.0.4 or later\nTIBCO EBX Add-ons versions 3.20.18 and below update to version 3.20.19 or later\nTIBCO EBX Add-ons versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6 update to version 4.5.7 or later\nTIBCO EBX Add-ons versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0 update to version 5.2.1 or later\nTIBCO Product and Service Catalog powered by TIBCO EBX versions 1.1.0 and below update to version 1.2.0 or later"
        }
    ],
    "source": {
        "discovery": "USER"
    }
}