CVE-2017-16789
MEDIUMIntegration Matters nJAMS 3 < 3.2.0 Hotfix 7 - Authenticated Stored Cross-Site Scripting via Users Management Panel
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://pastebin.com/AxvP1v2Z
Various Sources x_refsource_misc
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_njams3_-_cve-2017-16789.pdf
Various Sources x_refsource_confirm
https://www.integrationmatters.com/cms/upload/Resources/nJAMS_SecurityUpdate_CVE-2017-16789.pdf
Scores
CVSS v3
4.8
EPSS
0.0018
EPSS Percentile
39.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
integrationmatters/njams
3
tibco/businessworks_process_monitor
< 3.0.1.3
Published
Dec 11, 2017
Tracked Since
Feb 18, 2026