CVE-2019-11203

Опубликовано: 24 апр. 2019

Источник: nvd

CVSS3: 8.8

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Ссылки

http://www.securityfocus.com/bid/108057
Third Party Advisory
VDB Entry
http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-11203
Vendor Advisory
http://www.securityfocus.com/bid/108057
Third Party Advisory
VDB Entry
http://www.tibco.com/services/support/advisories
Vendor Advisory
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-11203
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:activematrix_business_process_management:*:*:*:*:*:-:*:*

Версия до 4.2.0 (включая)

cpe:2.3:a:tibco:activematrix_business_process_management:*:*:*:*:*:silver_fabric:*:*

Версия до 4.2.0 (включая)

cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_bpm:*:*

Версия до 1.4.1 (включая)

EPSS

Процентиль: 38%

0.00164

Низкий

8.8 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qhc9-mv9r-wv6m

github

больше 3 лет назад

EPSS

Процентиль: 38%

0.00164

Низкий

8.8 High

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79