CVE-2012-0688

Опубликовано: 13 мар. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt
Vendor Advisory
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
Vendor Advisory
http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt
Vendor Advisory
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:3.1.3:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_service_grid:3.1.2:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.2:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*

Версия до 1.2.0 (включая)

cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_bpm:1.1.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:activematrix_bpm:1.1.1:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00248

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w238-vr25-vr5w

github

больше 3 лет назад

EPSS

Процентиль: 48%

0.00248

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79