CVE-2021-23271
📋 TL;DR
This vulnerability allows low-privileged attackers with network access to execute stored cross-site scripting (XSS) attacks against TIBCO EBX Web Server. Attackers can inject malicious scripts that execute in victims' browsers when they view compromised content. Affected systems are TIBCO EBX versions 5.9.12 and below.
💻 Affected Systems
- TIBCO EBX
📦 What is this software?
EBX by TIBCO
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on client systems.
Likely Case
Session hijacking, credential theft, or unauthorized actions performed within the application context.
If Mitigated
Limited impact with proper input validation, output encoding, and Content Security Policy (CSP) headers in place.
🎯 Exploit Status
Requires low-privileged access but not authentication. Stored XSS means payload persists and affects multiple users.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.9.13 or later
Vendor Advisory: https://www.tibco.com/support/advisories/2021/02/tibco-security-advisory-february-2-2021-tibco-ebx
Restart Required: Yes
Instructions:
1. Download TIBCO EBX version 5.9.13 or later from the TIBCO support portal.
2. Back up the current installation and data.
3. Apply the update following TIBCO's upgrade documentation.
4. Restart the EBX Web Server service.
🔧 Temporary Workarounds
Implement Content Security Policy
Add CSP headers to restrict script execution sources and mitigate XSS impact.
Add 'Content-Security-Policy' header to web server configuration with appropriate directives
Input Validation Filtering
Implement server-side input validation to sanitize user-supplied data.
Configure web application firewall rules to filter XSS patterns
🧯 If You Can't Patch
- Restrict network access to EBX Web Server to trusted users only using firewall rules.
- Implement strong session management with short timeouts and secure cookie attributes (HttpOnly, Secure flags).
🔍 How to Verify
Check if Vulnerable:
Check EBX version via admin interface or by examining installation files. Versions 5.9.12 or below are vulnerable.
Check Version:
Check TIBCO EBX version in administration console or via product documentation methods.
Verify Fix Applied:
Confirm the version is 5.9.13 or later and test that XSS payloads are properly sanitized in stored fields.
📡 Detection & Monitoring
Log Indicators:
- Unusual script tags or JavaScript in user input fields
- Multiple failed XSS attempts in web logs
Network Indicators:
- Suspicious POST requests with script payloads to EBX endpoints
SIEM Query:
web_server_logs WHERE (url CONTAINS "<script>" OR url CONTAINS "javascript:") AND dest_ip = [EBX_SERVER_IP]
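The SIEM query above only matches literal `<script>` and `javascript:` strings, so a percent-encoded or double-encoded payload slips past it. The following is an added detection example, not code from the advisory or from TIBCO: it applies the same two indicators to constructed proxy-style log lines (timestamp, source IP, destination IP, method, URL, status; the format and the address 10.0.0.5 standing in for `[EBX_SERVER_IP]` are assumptions) after repeatedly URL-decoding the request path, and aggregates hits per source to surface the "multiple attempts from one client" indicator.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines; 10.0.0.5 is the assumed EBX server address,
# 10.0.0.8 an unrelated host that should not be reported.
SAMPLE_LOGS = """\
2021-02-02T10:00:01Z 203.0.113.7 10.0.0.5 GET /ebx/ 200
2021-02-02T10:00:05Z 203.0.113.9 10.0.0.5 POST /ebx/record?name=%3Cscript%3Ealert(1)%3C%2Fscript%3E 200
2021-02-02T10:00:09Z 203.0.113.9 10.0.0.5 GET /ebx/view?link=javascript:void(0) 200
2021-02-02T10:01:00Z 198.51.100.4 10.0.0.5 GET /ebx/?q=%253Cscript%253E 403
2021-02-02T10:02:00Z 203.0.113.9 10.0.0.8 GET /other/?q=<script> 200
"""

# The two indicators from the advisory's SIEM query, case-insensitive and
# tolerant of whitespace between the characters.
XSS_PATTERNS = re.compile(r"<\s*script|javascript\s*:", re.IGNORECASE)


def normalize(url: str, rounds: int = 3) -> str:
    """Percent-decode until stable so double-encoded payloads (%253C) are seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url


def parse_line(line: str) -> dict:
    """Split one space-separated record into its fields (assumed log layout)."""
    ts, src, dst, method, url, status = line.split()
    return {"ts": ts, "src": src, "dst": dst, "method": method,
            "url": url, "status": int(status)}


def find_xss_attempts(log_text: str, ebx_ip: str) -> list:
    """Return records aimed at the EBX server whose decoded URL carries an XSS indicator."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dst"] == ebx_ip and XSS_PATTERNS.search(normalize(rec["url"])):
            hits.append(rec)
    return hits


def count_by_source(hits: list) -> dict:
    """Count hits per source IP; repeated hits from one client are the 'multiple attempts' indicator."""
    counts = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_xss_attempts(SAMPLE_LOGS, "10.0.0.5")
    for h in found:
        print(h["ts"], h["src"], h["method"], h["status"], normalize(h["url"]))
    print(count_by_source(found))
```

A 403 on an otherwise matching request (the double-encoded line) is still worth alerting on, since a blocked attempt shows a client probing the stored-XSS surface.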