CVE-2021-43047
TIBCO PartnerExpress Cross Site Scripting vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Los componentes Interior Server y Gateway Server de TIBCO PartnerExpress de TIBCO Software Inc. contienen vulnerabilidades de tipo Cross Site Scripting (XSS) almacenadas y reflejadas fácilmente explotables que permiten a un atacante con pocos privilegios realizar ingeniería social a un usuario legítimo con acceso a la red para ejecutar scripts dirigidos al sistema afectado o al sistema local de la víctima. Un ataque con éxito usando esta vulnerabilidad requiere la interacción humana de una persona que no sea el atacante. Las versiones afectadas son TIBCO PartnerExpress de TIBCO Software Inc.: versiones 6.2.1 y anteriores
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-10-27 CVE Reserved
- 2021-11-16 CVE Published
- 2023-06-09 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Tibco Search vendor "Tibco" | Partnerexpress Search vendor "Tibco" for product "Partnerexpress" | <= 6.2.1 Search vendor "Tibco" for product "Partnerexpress" and version " <= 6.2.1" | - |
Affected
|