CVE-2022-22769
Published on: 01/19/2022 12:00:00 AM UTC
Last Modified on: 01/26/2022 03:30:00 PM UTC
Certain versions of Ebx from Tibco contain the following vulnerability:
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below.
- CVE-2022-22769 has been assigned by
[email protected] to track the vulnerability - currently rated as CRITICAL severity.
CVSS3 Score: 9 - CRITICAL
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| NETWORK | LOW | LOW | REQUIRED |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| CHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6 - MEDIUM
| Access Vector ⓘ |
Access Complexity |
Authentication |
|---|---|---|
| NETWORK | MEDIUM | SINGLE |
| Confidentiality Impact |
Integrity Impact |
Availability Impact |
| PARTIAL | PARTIAL | PARTIAL |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| TIBCO Security Advisory: January 19, 2022 - TIBCO EBX - 2022-22769 | TIBCO Software | www.tibco.com text/html |
CONFIRM www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769 |
| Advisory | TIBCO Software | web.archive.org text/html Inactive LinkNot Archived |
CONFIRM www.tibco.com/services/support/advisories |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Tibco | Ebx | All | All | All | All |
| Application | Tibco | Ebx | 5.9.10 | All | All | All |
| Application | Tibco | Ebx | 5.9.11 | All | All | All |
| Application | Tibco | Ebx | 5.9.12 | All | All | All |
| Application | Tibco | Ebx | 5.9.13 | All | All | All |
| Application | Tibco | Ebx | 5.9.14 | All | All | All |
| Application | Tibco | Ebx | 5.9.15 | All | All | All |
| Application | Tibco | Ebx | 5.9.3 | All | All | All |
| Application | Tibco | Ebx | 5.9.4 | All | All | All |
| Application | Tibco | Ebx | 5.9.5 | All | All | All |
| Application | Tibco | Ebx | 5.9.6 | All | All | All |
| Application | Tibco | Ebx | 5.9.7 | All | All | All |
| Application | Tibco | Ebx | 5.9.8 | All | All | All |
| Application | Tibco | Ebx | 5.9.9 | All | All | All |
| Application | Tibco | Ebx | 6.0.0 | All | All | All |
| Application | Tibco | Ebx | 6.0.1 | All | All | All |
| Application | Tibco | Ebx | 6.0.2 | All | All | All |
| Application | Tibco | Ebx | 6.0.3 | All | All | All |
| Application | Tibco | Ebx Add-ons | All | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.1.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.2.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.2.1 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.2.2 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.3.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.3.1 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.3.2 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.3.3 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.3.4 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.4.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.4.1 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.4.2 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.4.3 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.1 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.2 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.3 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.4 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.5 | All | All | All |
| Application | Tibco | Ebx Add-ons | 4.5.6 | All | All | All |
| Application | Tibco | Ebx Add-ons | 5.0.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 5.0.1 | All | All | All |
| Application | Tibco | Ebx Add-ons | 5.1.0 | All | All | All |
| Application | Tibco | Ebx Add-ons | 5.1.1 | All | All | All |
| Application | Tibco | Ebx Add-ons | 5.2.0 | All | All | All |
| Application | Tibco | Product And Service Catalog Powered By Tibco Ebx | All | All | All | All |
- cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.10:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.11:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.12:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.13:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.14:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.15:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.3:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.4:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.5:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.6:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.7:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.8:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:5.9.9:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:6.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:6.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:6.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx:6.0.3:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:*:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.2.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.2.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.3.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.3.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.3.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.3.3:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.3.4:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.4.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.4.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.4.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.4.3:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.2:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.3:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.4:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.5:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:4.5.6:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:5.0.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:5.0.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:5.1.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:5.1.1:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:ebx_add-ons:5.2.0:*:*:*:*:*:*:*:
- cpe:2.3:a:tibco:product_and_service_catalog_powered_by_tibco_ebx:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2022-22769 : The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-o… twitter.com/i/web/status/1… | 2022-01-19 19:31:36 |
| @prophaze |
CVE-2022-22769 prophaze.com/cve/cve-2022-2… | 2022-01-19 23:03:59 |
 /r/netcve |
CVE-2022-22769 | 2022-01-19 20:38:09 |