CVE-2022-41567 (GCVE-0-2022-41567)
Vulnerability from cvelistv5
Published
2023-02-22 00:00
Modified
2025-03-12 15:03
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CWE
  • Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.
Summary
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
References
Impacted products
Vendor Product Version
TIBCO Software Inc. TIBCO BusinessConnect Version: unspecified   <
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:49:41.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tibco.com/services/support/advisories"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41567",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T15:03:03.006804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T15:03:44.452Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TIBCO BusinessConnect",
          "vendor": "TIBCO Software Inc.",
          "versions": [
            {
              "lessThanOrEqual": "7.3.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-02-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-22T00:00:00.000Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "url": "https://www.tibco.com/services/support/advisories"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later"
        }
      ],
      "source": {
        "discovery": ""
      },
      "title": "TIBCO BusinessConnect Stored XSS Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2022-41567",
    "datePublished": "2023-02-22T00:00:00.000Z",
    "dateReserved": "2022-09-26T00:00:00.000Z",
    "dateUpdated": "2025-03-12T15:03:44.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.tibco.com/services/support/advisories\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:49:41.904Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41567\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-12T15:03:03.006804Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-12T15:03:09.274Z\"}}], \"cna\": {\"title\": \"TIBCO BusinessConnect Stored XSS Vulnerability\", \"source\": {\"discovery\": \"\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"TIBCO Software Inc.\", \"product\": \"TIBCO BusinessConnect\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"7.3.0\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"TIBCO has released updated versions of the affected components which address these issues.\\n\\nTIBCO BusinessConnect versions 7.3.0 and below: update to version 7.3.1 or later\"}], \"datePublic\": \"2023-02-22T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.tibco.com/services/support/advisories\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The BusinessConnect UI component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect: versions 7.3.0 and below.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Successful execution of this attack could result in the ability to perform actions within the context of another user including reading, updating, inserting, or deleting data accessible to TIBCO BusinessConnect.\"}]}], \"providerMetadata\": {\"orgId\": \"4f830c72-39e4-45f6-a99f-78cc01ae04db\", \"shortName\": \"tibco\", \"dateUpdated\": \"2023-02-22T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41567\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-12T15:03:44.452Z\", \"dateReserved\": \"2022-09-26T00:00:00.000Z\", \"assignerOrgId\": \"4f830c72-39e4-45f6-a99f-78cc01ae04db\", \"datePublished\": \"2023-02-22T00:00:00.000Z\", \"assignerShortName\": \"tibco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.