TIBCO Session Fixation and Multiple Input Validation Vulnerabilities
TIBCO Collaborative Information Manager and ActiveCatalog are prone to multiple vulnerabilities, including SQL-injection, cross-site scripting, information-disclosure, and session-fixation issues.
Successful exploits of these vulnerabilities can allow attackers to compromise the applications, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code in a user's browser in the context of the webserver process, access sensitive data, or hijack a user's session.
The following products are vulnerable:
TIBCO Collaborative Information Manager versions prior to 8.1.0
TIBCO ActiveCatalog versions prior to 1.0.1