CVE-2019-17339

EUVD-2019-7750
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. The attacker could theoretically social engineer an authenticated user into submitting the URL, thus executing the script on the affected system with the privileges of the user. Affected releases are TIBCO Software Inc.'s TIBCO Silver Fabric: versions 6.0.0 and below.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
tibcoCNA
6.8 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Affected Products (NVD)
VendorProductVersion
tibcosilver_fabric
𝑥
≤ 6.0.0
𝑥
= Vulnerable software versions
References
http://www.tibco.com/services/support/advisories
http://www.tibco.com/services/support/advisories