CVE-2022-30571 HIGH

CVE-2022-30571: TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability

Vendor Tibco Software Inc.
Product TIBCO iWay Service Manager
Published August 2, 2022
Last update September 16, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.

Key dates

02Disclosure timeline

August 2, 2022 CVE published
September 16, 2024 Record updated