Vulnerability Details : CVE-2017-16789
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2017-16789
- cpe:2.3:a:tibco:businessworks_process_monitor:*:*:*:*:*:*:*:*
- cpe:2.3:a:integrationmatters:njams:3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16789
0.18%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-16789
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
6.8
|
2.9
|
NIST | |
4.8
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
1.7
|
2.7
|
NIST |
CWE ids for CVE-2017-16789
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2017-16789
-
Integration Matters 2018-01-18The reported vulnerability was fixed in version 3.2.0 Hotfix 3 of the affected product. The new version was made available on June-28-2017 to all customers.<br /> We encourage all customers to upgrade to at least the mentioned hot fix level. Reference web sites: <br /> https://www.integrationmatters.com/downloads/software/<br /> https://support.integrationmatters.com
References for CVE-2017-16789
-
https://pastebin.com/AxvP1v2Z
CVE-2017-16789: XSS Vulnerability Details ===================================== - Pastebin.comThird Party Advisory
-
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_njams3_-_cve-2017-16789.pdf
-
https://www.integrationmatters.com/cms/upload/Resources/nJAMS_SecurityUpdate_CVE-2017-16789.pdf
Jump to