TIBCO Nimbus Denial of Service Vulnerability
Original release date: December 6, 2022
Source: TIBCOSoftware Inc.
TIBCO Nimbus version 10.5.0
The following component is affected:
* Statement Set Upload via the Web Client
The component listed above contains an easily exploitable vulnerability that
allows a low privileged attacker with network access to execute a Denial of
Service Attack on the affected system.
Successful execution of this vulnerability can result in an unauthorized hang
or frequently repeatable crash (complete DOS) of the affected system.
CVSS v3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
TIBCO has released updated versions of the affected systems which address this
TIBCO Nimbus version 10.5.0: update to version 10.5.1 or later