CVE-2019-17338 - OpenCVE

The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tibco	Patterns - Search

Configuration 1 [-]

cpe:2.3:a:tibco:patterns_-_search:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.tibco.com/services/support/advisories	Vendor Advisory
https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tibco

Published: 2020-01-28T00:00:00

Updated: 2020-01-28T18:00:20

Reserved: 2019-10-07T00:00:00

Link: CVE-2019-17338

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-28T19:15:12.937

Modified: 2020-02-04T16:36:16.703

Link: CVE-2019-17338

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "TIBCO Patterns - Search", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "5.4.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-28T18:00:20", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2020-01-28T17:00:00Z", "ID": "CVE-2019-17338", "STATE": "PUBLIC", "TITLE": "TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Patterns - Search", "version": {"version_data": [{"version_affected": "<=", "version_value": "5.4.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher"}], "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-17338", "datePublished": "2020-01-28T00:00:00", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2020-01-28T18:00:20", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:patterns_-_search:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BA00042-7345-44AB-8901-8CDB487DFFDD", "versionEndIncluding": "5.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below."}, {"lang": "es", "value": "El componente interfaz de usuario de TIBCO Patterns - Search de TIBCO Software Inc, contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) persistentes. Las versiones afectadas son TIBCO Patterns - Search de TIBCO Software Inc versiones 5.4.0 y por debajo."}], "id": "CVE-2019-17338", "lastModified": "2020-02-04T16:36:16.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security@tibco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-28T19:15:12.937", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}