TIBCO iProcess Suite Session Fixation and Cross Site Scripting Vulnerabilities

The TIBCO iProcess Suite is prone to a cross-site scripting vulnerability and a session-fixation vulnerability.

Successfully exploiting these vulnerabilities can allow attackers to execute arbitrary script code in a user's browser in the context of the webserver process, access sensitive data, or hijack a user's session.

The following products are vulnerable:

TIBCO iProcess Engine versions prior to 11.1.3.
TIBCO iProcess Workspace (Browser) versions prior to 11.3.1.


Privacy Statement
Copyright 2010, SecurityFocus