TIBCO iProcess Suite Session Fixation and Cross Site Scripting Vulnerabilities
The TIBCO iProcess Suite is prone to a cross-site scripting vulnerability and a session-fixation vulnerability.
Successfully exploiting these vulnerabilities can allow attackers to execute arbitrary script code in a user's browser in the context of the affected site, access sensitive data, or hijack a user's session.
The following products are vulnerable:
TIBCO iProcess Engine versions prior to 11.1.3.
TIBCO iProcess Workspace (Browser) versions prior to 11.3.1.