Vulnerability Details CVE-2020-27146
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.2%
CVSS Severity
CVSS v3 Score 5.0
CVSS v2 Score 6.8
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2020/11/tibco-security-advisory-november-10-2020-tibco-iprocess-workspace
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2020/11/tibco-security-advisory-november-10-2020-tibco-iprocess-workspace
Products affected by CVE-2020-27146
-
cpe:2.3:a:tibco:iprocess_workspace_browser:-
-
cpe:2.3:a:tibco:iprocess_workspace_browser:11.3.1
-
cpe:2.3:a:tibco:iprocess_workspace_browser:11.4.0
-
cpe:2.3:a:tibco:iprocess_workspace_browser:11.4.1
-
cpe:2.3:a:tibco:iprocess_workspace_browser:11.6.0