CVE-2022-22777 Vulnerability Details

  /     /     /  

CVE-2022-22777 Metadata Quick Info

CVE Published: 18/05/2022 | CVE Updated: 16/09/2024 | CVE Year: 2022
Source: tibco | Vendor: TIBCO Software Inc. | Product: TIBCO BusinessConnect Trading Community Management
Status : PUBLISHED

CVE-2022-22777 Description

The Web Server component of TIBCO Software Inc.\'s TIBCO BusinessConnect Trading Community Management contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow an unauthenticated attacker with network access to execute scripts targeting the affected system or the victim\'s local system. Affected releases are TIBCO Software Inc.\'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

Metrics

CVSS Version: 3.1 | Base Score: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Successful execution of this vulnerability can result in an attacker gaining partial access to the affected system and can result in unauthorized read, update, insert or delete access to a subset of resources.
Source: TIBCO Software Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2022-22777 Vulnerability Details