TIBCO iProcess Components Cross Site Scripting and Session Fixation


Description   Two vulnerabilities have been identified in TIBCO iProcess products, which could be exploited by attackers to gain knowledge of sensitive information or hijack sessions.
The first issue is caused by an input validation error which could allow attackers to view or modify information in the database via a cross site scripting.
The second vulnerability is caused by an error related to sessions handling, which could allow an attacker to hijack a user's session via a session fixation.
     
Vulnerable Products   Vulnerable Software:
TIBCO iProcess Engine versions prior to 11.1.3TIBCO iProcess Workspace (Browser) versions prior to 11.3.1
     
Solution   Upgrade to TIBCO iProcess Engine version 11.1.3, and TIBCO iProcess Workspace (Browser) version 11.3.1.
     
CVE   CVE-2011-2021
CVE-2011-2020
     
References   http://www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt
http://www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
     


 
 
 
 
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2011-05-19 

 Target Type 
Server 

 Possible exploit 
Local & Remote