CVE-2022-30571 (GCVE-0-2022-30571)
Vulnerability from cvelistv5 – Published: 2022-08-02 16:50 – Updated: 2024-09-16 20:07
VLAI?
Title
TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability
Summary
The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.
Severity ?
8.1 (High)
CWE
- In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO iWay Service Manager |
Affected:
unspecified , ≤ 8.0.6
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:56:13.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO iWay Service Manager",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.0.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The iWay Service Manager Console component of TIBCO Software Inc.\u0027s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO iWay Service Manager: versions 8.0.6 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T17:06:24",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later"
}
],
"source": {
"discovery": "Internal"
},
"title": "TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-08-02T17:00:00Z",
"ID": "CVE-2022-30571",
"STATE": "PUBLIC",
"TITLE": "TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO iWay Service Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.0.6"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iWay Service Manager Console component of TIBCO Software Inc.\u0027s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO iWay Service Manager: versions 8.0.6 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "In the worst case, if the victim is a privileged administrator, successful execution of these vulnerabilities can result in an attacker gaining full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later"
}
],
"source": {
"discovery": "Internal"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-30571",
"datePublished": "2022-08-02T16:50:10.613170Z",
"dateReserved": "2022-05-11T00:00:00",
"dateUpdated": "2024-09-16T20:07:14.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:tibco:iway_service_manager:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.0.7\", \"matchCriteriaId\": \"9DB2106B-9F3F-4410-99F7-AC0DB35B8733\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The iWay Service Manager Console component of TIBCO Software Inc.\u0027s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO iWay Service Manager: versions 8.0.6 and below.\"}, {\"lang\": \"es\", \"value\": \"El componente iWay Service Manager Console de TIBCO Software Inc. contiene vulnerabilidades de tipo Cross Site Scripting (XSS) Reflejado f\\u00e1cilmente explotables que permiten a un atacante poco privilegiado y acceso a la red ejecutar scripts dirigidos al sistema afectado o al sistema local de la v\\u00edctima. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO iWay Service Manager: versiones 8.0.6 y anteriores\"}]",
"id": "CVE-2022-30571",
"lastModified": "2024-11-21T07:02:57.187",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@tibco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
"published": "2022-08-02T17:15:10.857",
"references": "[{\"url\": \"https://www.tibco.com/services/support/advisories\", \"source\": \"security@tibco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571\", \"source\": \"security@tibco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tibco.com/services/support/advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-30571\",\"sourceIdentifier\":\"security@tibco.com\",\"published\":\"2022-08-02T17:15:10.857\",\"lastModified\":\"2024-11-21T07:02:57.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The iWay Service Manager Console component of TIBCO Software Inc.\u0027s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim\u0027s local system. Affected releases are TIBCO Software Inc.\u0027s TIBCO iWay Service Manager: versions 8.0.6 and below.\"},{\"lang\":\"es\",\"value\":\"El componente iWay Service Manager Console de TIBCO Software Inc. contiene vulnerabilidades de tipo Cross Site Scripting (XSS) Reflejado f\u00e1cilmente explotables que permiten a un atacante poco privilegiado y acceso a la red ejecutar scripts dirigidos al sistema afectado o al sistema local de la v\u00edctima. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO iWay Service Manager: versiones 8.0.6 y anteriores\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@tibco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:iway_service_manager:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.0.7\",\"matchCriteriaId\":\"9DB2106B-9F3F-4410-99F7-AC0DB35B8733\"}]}]}],\"references\":[{\"url\":\"https://www.tibco.com/services/support/advisories\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/services/support/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30571\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…