TIBCO Session Fixation and Multiple Input Validation Vulnerabilities

TIBCO Collaborative Information Manager and ActiveCatalog are prone to multiple vulnerabilities, including SQL-injection, cross-site scripting, information-disclosure, and session-fixation issues.

Successful exploits of these vulnerabilities can allow attackers to compromise the applications, access or modify data, exploit latent vulnerabilities in the underlying database, execute arbitrary script code in a user's browser in the context of the webserver process, access sensitive data, or hijack a user's session.

The following products are vulnerable:

TIBCO Collaborative Information Manager versions prior to 8.1.0
TIBCO ActiveCatalog versions prior to 1.0.1


Copyright 2010, SecurityFocus