CVE-2023-26218 - Cross-site Scripting vulnerabilities in TIBCO Nimbus

1. Vulnerability Properties

Title: Cross-site Scripting (XSS) vulnerabilities in TIBCO Nimbus
CVE ID: CVE-2023-26218
CVSSv3 Base Score: 9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Vendor: TIBCO
Products: TIBCO Nimbus
Advisory Release Date: 27-09-2023
Advisory URL: https://labs.integrity.pt/advisories/cve-2023-26218
Credits: Discovery by Pedro Miguel Ferreira <pedro.miguel.ferreira[at]devoteam.com>

2. Vulnerability Summary

TIBCO Nimbus contains several Cross-Site Scripting (XSS) vulnerabilities that allow a low-privileged attacker to social engineer a legitimate user with network access into executing scripts targeting the affected system or the victim’s local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker.

3. Vulnerable Versions

TIBCO Nimbus versions 10.6.0 and below.

4. Solution

TIBCO has released updated versions of the affected systems which address this issue:

  • TIBCO Nimbus versions 10.6.0 and below: update to version 10.6.1 or later

5. Vulnerability Timeline

  • 21/Jul/23 - Bug reported to TIBCO
  • 25/Jul/23 - Bug verified by vendor
  • 22/Nov/23 - Advisory released

6. References

  • https://www.tibco.com/support/advisories/2023/09/tibco-security-advisory-september-27-2023-tibco-nimbus-cve-2023-26218
  • https://nvd.nist.gov/vuln/detail/CVE-2023-26218
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26218

