Lucene search

TibcoCVELIST:CVE-2022-41559

HistoryDec 06, 2022 - 12:00 a.m.

CVE-2022-41559 TIBCO Nimbus Open Redirect Vulnerability

2022-12-0600:00:00

tibco

www.cve.org

tibco nimbus

open redirect

web client

vulnerability

unauthenticated attacker

network access

human interaction

affected releases

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.

CNA Affected

[
  {
    "vendor": "TIBCO Software Inc.",
    "product": "TIBCO Nimbus",
    "versions": [
      {
        "version": "10.5.0",
        "status": "affected"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

9.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for CVELIST:CVE-2022-41559