XSS in Tibco Activematrix_bpm
CVE-2019-8991
The administrator web interface of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Gr…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.009 (56.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Tibco Activematrix_bpm
- Tibco Activematrix_policy_director
- Tibco Activematrix_service_bus
- Tibco Activematrix_service_grid
- Tibco Silver_fabric_enabler
- Tibco Software Inc. Activematrix Bpm — versions unspecified
- Tibco Software Inc. Activematrix Bpm Distribution For Silver Fabric — versions unspecified
- Tibco Software Inc. Activematrix Policy Director — versions unspecified
- Tibco Software Inc. Activematrix Service Bus — versions unspecified
- Tibco Software Inc. Activematrix Service Grid — versions unspecified
Weakness classification (CWE)
References
- security@tibco.com (x_refsource_MISC, Vendor Advisory)
- security@tibco.com (x_refsource_MISC, Vendor Advisory)
- security@tibco.com (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)
Frequently asked questions
- What is CVE-2019-8991?
- CVE-2019-8991 is a high-severity vulnerability in Tibco Activematrix_bpm, classified under Cross-site Scripting. CVSS score: 8.8/10. Published 2019-04-24.
- How severe is CVE-2019-8991?
- High severity. CVSS v3 base score is 8.8 out of 10.