Unrated severityNVD Advisory· Published Nov 16, 2021· Updated Sep 16, 2024
TIBCO PartnerExpress Cross Site Scripting vulnerabilities
CVE-2021-43047
Description
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Affected products
2<=6.2.1+ 1 more
- (no CPE)range: <=6.2.1
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- www.tibco.com/services/support/advisoriesmitrex_refsource_CONFIRM
- www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43047mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.