CVE-2021-35493

9.0 CRITICAL

📋 TL;DR

This CVE describes stored and reflected cross-site scripting (XSS) vulnerabilities in the TIBCO WebFOCUS Client, Installer and Reporting Server components. A low-privileged attacker with network access to WebFOCUS can inject script that runs in the browser of a legitimate user, targeting either the WebFOCUS system itself (actions and data reachable with the victim's session) or the victim's local system. User interaction is required: the victim must open a crafted link (reflected) or view content the attacker has stored in the application (stored). Affected releases are TIBCO WebFOCUS Client, Installer and Reporting Server versions 8207.27.0 and below.

💻 Affected Systems

Products:
  • TIBCO WebFOCUS Client
  • TIBCO WebFOCUS Installer
  • TIBCO WebFOCUS Reporting Server
Versions: 8207.27.0 and below
Operating Systems: Not specified in CVE
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the product code, not in a configuration option, so every deployment running an affected version is vulnerable regardless of settings. Both stored and reflected XSS forms are present.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of a victim's WebFOCUS session (including an administrator's), credential theft, actions performed in WebFOCUS as the victim, delivery of malicious content to the victim's local system, and from there potential lateral movement within the network.

🟠

Likely Case

Session hijacking, credential theft, and unauthorized actions performed in the context of authenticated users.

🟢

If Mitigated

Limited impact once the vendor fix is applied. Short of that, a Content Security Policy that forbids inline script and a WAF in front of the application reduce what an injected payload can do, but do not remove the injection itself.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a low-privileged WebFOCUS account and user interaction by the victim, but is technically straightforward once an injection point is found: reflected XSS needs only a crafted link sent to the victim, stored XSS needs content the victim will later view.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Any release above 8207.27.0 (see the vendor advisory for the exact fixed build of each component)

Vendor Advisory: https://www.tibco.com/support/advisories/2021/09/tibco-security-advisory-september-14-2021-tibco-webfocus-2021-35493

Restart Required: Yes

Instructions:

1. Download the updated versions of the Client, Installer and Reporting Server from the TIBCO support portal.
2. Apply the update to every affected component; a deployment is only fixed when all three are above 8207.27.0.
3. Restart the WebFOCUS services.
4. Verify the installed version of each component after the restart.

🔧 Temporary Workarounds

Implement Content Security Policy

Applies to: all

Add CSP headers that restrict where scripts may load from and forbid inline script. This limits what an injected payload can do even though the injection itself remains.

Set a 'Content-Security-Policy' header on the web server or reverse proxy in front of WebFOCUS. Roll it out first as 'Content-Security-Policy-Report-Only' to find UI breakage, then enforce. A policy whose script-src keeps 'unsafe-inline' (without a nonce or hash) does not stop reflected or stored XSS.
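The point that matters for this workaround is whether the policy would actually stop an injected script from executing, not merely whether a CSP header is present. The following is an added example (not code from the page, from TIBCO, or from any WebFOCUS configuration) that parses a CSP header value and reports why a policy fails that test. It encodes the standard CSP rules for script-src with default-src as its fallback and the usual source expressions; the WEAK_CSP and STRICT_CSP strings are constructed samples, and the nonce in STRICT_CSP is a placeholder, not a value to deploy.

```python
"""Added example: does a Content-Security-Policy value block injected script?

Assumptions: only script-src (falling back to default-src) is examined,
and the header strings below are constructed samples, not values taken
from any WebFOCUS deployment.
"""


def parse_csp(header):
    """'a b; c d' -> {'a': ['b'], 'c': ['d']}.

    Directive names are case-insensitive.  A repeated directive is ignored
    after its first occurrence, which is how browsers treat duplicates.
    """
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_sources(policy):
    """Effective script sources: script-src if present, else default-src,
    else None, meaning scripts are not restricted at all."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def csp_blocks_injected_script(header):
    """Return (blocks, reasons).

    blocks is True only when the policy forbids inline script and does not
    let scripts load from arbitrary hosts, bare schemes or data:/blob: URLs.
    reasons lists every weakness found, so a failing policy is explainable.
    """
    sources = script_sources(parse_csp(header))
    if sources is None:
        return False, ["no script-src or default-src: scripts are unrestricted"]
    lowered = [s.lower() for s in sources]
    reasons = []
    # Browsers ignore 'unsafe-inline' once a nonce or hash source is present,
    # so it only weakens the policy when neither is there.
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-"))
        for s in lowered
    )
    if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
        reasons.append("'unsafe-inline' allows injected inline script")
    if "*" in lowered:
        reasons.append("'*' allows script from any origin")
    if any(s in ("http:", "https:", "http://*", "https://*") for s in lowered):
        reasons.append("a bare scheme source allows script from any host")
    if any(s.startswith(("data:", "blob:")) for s in lowered):
        reasons.append("data:/blob: sources let the attacker supply script bytes")
    return not reasons, reasons


# Constructed samples: a policy that looks protective but is not, and one
# that would actually block an injected inline <script>.  The nonce value
# is a placeholder; a real nonce must be unpredictable and per response.
WEAK_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
STRICT_CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; object-src 'none'"

if __name__ == "__main__":
    for label, value in (("weak", WEAK_CSP), ("strict", STRICT_CSP)):
        blocks, reasons = csp_blocks_injected_script(value)
        print(label, "blocks injected script:", blocks)
        for r in reasons:
            print("   -", r)
```

A strict policy like STRICT_CSP can break application pages that rely on inline script, which is why the Report-Only header is the right first step; the checker only answers whether the policy is strong enough, not whether the application still works under it.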

Input Validation and Output Encoding

Applies to: all

Server-side validation and context-appropriate output encoding of user-supplied data is the proper fix for XSS, but in WebFOCUS that code belongs to the vendor: customers cannot change it, and the release above 8207.27.0 is where the fix lives.

What a deployer can do is apply equivalent filtering at a WAF or reverse proxy in front of the application. That reduces exposure to known payload patterns but does not remove the flaw, and filters are routinely bypassed with alternative encodings and event handlers.

🧯 If You Can't Patch

  • Put a web application firewall (WAF) in front of WebFOCUS with XSS rules enabled; treat it as a speed bump, since encoding variants and less common event handlers routinely bypass signature rules
  • Reduce the number of accounts that can author or upload content, and review what low-privileged users can store in the application, since stored XSS needs only such an account
  • Restrict network access to WebFOCUS to the users who need it, so that a low-privileged attacker first has to reach the application at all

🔍 How to Verify

Check if Vulnerable:

Compare the installed version of each of the three components against the affected range (8207.27.0 and below); a deployment is vulnerable if any one of them is in range

Check Version:

Read the version from the WebFOCUS administration interface or from the installation logs, separately for the Client, the Installer and the Reporting Server, since they are updated independently

Verify Fix Applied:

Confirm every component reports a version above 8207.27.0, then re-test any injection points found earlier and run an authenticated web scan; an unauthenticated scan will not exercise the low-privileged workflows where the stored variant lives
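The version comparison above is easy to get wrong by string comparison ("8207.9.0" sorts after "8207.27.0" as text). The following is an added example, not code from the page or from TIBCO, that parses WebFOCUS-style dotted versions numerically and reports each component separately. The inventory dict is a constructed sample; the function knows nothing about TIBCO's release numbering beyond the dotted-integer form used in the advisory, so any release line numbered below 8207 should be confirmed against the vendor advisory rather than taken as affected on the strength of this comparison alone.

```python
"""Added example: is a WebFOCUS version in the affected range for CVE-2021-35493?

Assumptions: versions are dotted integers as in the advisory ("8207.27.0");
the sample inventory at the bottom is constructed, not read from a system.
"""
import re

LAST_AFFECTED = "8207.27.0"  # highest affected version named in the advisory


def parse_version(text):
    """Extract the first dotted run of integers from text as a tuple.

    'Version 8207.27.0 (build 4)' -> (8207, 27, 0).  Raises ValueError when
    no version number is present, so callers can report 'unknown' rather
    than silently treating garbage as safe.
    """
    m = re.search(r"\b(\d+(?:\.\d+)*)\b", text)
    if not m:
        raise ValueError("no version number found in %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))


def compare_versions(a, b):
    """Component-wise numeric comparison returning -1, 0 or 1.

    Missing trailing components count as 0, so '8207.28' == '8207.28.0'.
    """
    ta, tb = parse_version(a), parse_version(b)
    n = max(len(ta), len(tb))
    ta += (0,) * (n - len(ta))
    tb += (0,) * (n - len(tb))
    return (ta > tb) - (ta < tb)


def is_affected(version):
    """True when the version is 8207.27.0 or below."""
    return compare_versions(version, LAST_AFFECTED) <= 0


def assess(components):
    """Map component name -> 'VULNERABLE' / 'patched' / 'unknown'.

    Each component is judged on its own, so a partially updated deployment
    (Client patched, Reporting Server not) shows up as such.
    """
    result = {}
    for name, version in components.items():
        try:
            result[name] = "VULNERABLE" if is_affected(version) else "patched"
        except ValueError:
            result[name] = "unknown"
    return result


if __name__ == "__main__":
    # Constructed sample inventory; real values come from the admin console
    # or the install logs of your own deployment.
    sample = {
        "WebFOCUS Client": "8207.27.0",
        "WebFOCUS Reporting Server": "8207.28.0",
        "WebFOCUS Installer": "Version 8207.26.1 (build 4)",
        "unreadable component": "n/a",
    }
    for name, verdict in assess(sample).items():
        print("%-28s %s" % (name, verdict))
```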

📡 Detection & Monitoring

Log Indicators:

  • Script tags, 'javascript:' URLs or inline event handlers in request parameters or in content stored through low-privileged accounts
  • Repeated requests from one account or source address carrying script-like parameters, which is what probing for an injection point looks like

Network Indicators:

  • Suspicious script payloads in HTTP requests
  • Unexpected external script loads

SIEM Query:

Search web request logs for '<script', 'javascript:', inline event handlers such as 'onerror=' and 'onload=', and their URL-encoded forms ('%3Cscript', '%3C%2Fscript'); decode the request before matching so that double-encoded payloads are not missed, and group hits by account and source address to surface repeated attempts rather than single false positives
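As an added example (not a query from the page or from any SIEM product), the following script applies that search to web access log lines: it URL-decodes the request path repeatedly so double-encoded payloads are caught, matches the indicator patterns against the decoded text, and groups hits by source address and user to flag repeated attempts. The five log lines are constructed samples in Apache/nginx combined format; the '/ibi_apps/' paths and parameter names are illustrative assumptions, not WebFOCUS endpoints taken from documentation.

```python
"""Added example: find XSS indicators in web access logs.

Assumptions: combined log format; the request paths, parameter names and
the sample lines are constructed for illustration.
"""
import re
from urllib.parse import unquote

# Indicators, matched against the decoded and lower-cased request path.
# Event-handler names are listed explicitly so that ordinary parameters
# such as 'one=' or 'onboarding=' do not trigger a hit.
XSS_PATTERNS = [
    (re.compile(r"<\s*script"), "script tag"),
    (re.compile(r"javascript\s*:"), "javascript: URL"),
    (re.compile(r"\bon(error|load|click|mouse\w*|focus|blur|key\w*|toggle|animation\w*|pointer\w*)\s*="),
     "inline event handler"),
    (re.compile(r"<\s*(iframe|img|svg|object|embed)\b"), "script-capable element"),
    (re.compile(r"\beval\s*\(|document\.cookie|string\.fromcharcode"), "script body"),
]

# Combined log format: ip ident user [time] "method path proto" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')


def full_decode(s, rounds=3):
    """URL-decode until the text stops changing (bounded), so that
    double or triple encoding does not hide a payload."""
    for _ in range(rounds):
        decoded = unquote(s.replace("+", " "))
        if decoded == s:
            break
        s = decoded
    return s


def scan_line(line):
    """Return None for a clean or unparsable line, else a hit record."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = full_decode(m.group("path")).lower()
    indicators = [label for rx, label in XSS_PATTERNS if rx.search(decoded)]
    if not indicators:
        return None
    return {"ip": m.group("ip"), "user": m.group("user"),
            "path": m.group("path"), "status": int(m.group("status")),
            "indicators": indicators}


def scan(lines):
    return [hit for hit in (scan_line(line) for line in lines) if hit]


def sources_over_threshold(hits, threshold=3):
    """(ip, user) pairs with at least `threshold` hits: the 'multiple
    attempts' signal that separates probing from a stray false positive."""
    counts = {}
    for hit in hits:
        key = (hit["ip"], hit["user"])
        counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= threshold}


# Constructed sample log: three probes from one account (plain, double
# encoded, javascript: URL) and two benign requests from another user.
SAMPLE_LOG = """\
10.0.0.5 - alice [14/Sep/2021:10:01:02 +0000] "GET /ibi_apps/run?report=sales&q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 512
10.0.0.5 - alice [14/Sep/2021:10:01:09 +0000] "GET /ibi_apps/run?report=sales&q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 498
10.0.0.5 - alice [14/Sep/2021:10:01:15 +0000] "GET /ibi_apps/run?report=sales&q=javascript:alert(1) HTTP/1.1" 200 470
10.0.0.9 - bob [14/Sep/2021:10:02:00 +0000] "GET /ibi_apps/run?report=inventory&region=one HTTP/1.1" 200 2048
10.0.0.9 - bob [14/Sep/2021:10:02:30 +0000] "POST /ibi_apps/WFServlet HTTP/1.1" 302 0
"""

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for hit in hits:
        print(hit["ip"], hit["user"], hit["indicators"], hit["path"])
    print("repeat offenders:", sources_over_threshold(hits))
```

A 200 response to a probe does not by itself mean the payload executed; correlate the hit with the page that was requested and, for the stored variant, with what the account subsequently saved through the application.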
