TIBCO Nimbus Open Redirect Vulnerability
Original release date: December 6, 2022
Source: TIBCOSoftware Inc.
TIBCO Nimbus version 10.5.0
The following component is affected:
* Web Client
The component listed above contains an easily exploitable vulnerability that
allows an unauthenticated attacker with network access to exploit an open
redirect on the affected system. A successful attack using this vulnerability
requires human interaction from a person other than the attacker.
Successful execution of these vulnerabilities will result in an attacker being
able to execute commands with the privileges of the affected user.
CVSS v3.1 Base Score: 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N)
TIBCO has released updated versions of the affected systems which address this
TIBCO Nimbus version 10.5.0: update to version 10.5.1 or later