4 vulnerabilities found for TIBCO API Exchange Gateway by TIBCO Software Inc.
CVE-2021-23274 (GCVE-0-2021-23274)
Vulnerability from nvd – Published: 2021-03-23 16:55 – Updated: 2024-09-16 21:58
Title
TIBCO API Exchange Gateway Clickjack Vulnerability
Summary
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
Severity ?
9.8 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.
Assigner
References
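| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway | x_refsource_CONFIRM |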
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO API Exchange Gateway | Affected: unspecified, ≤ 2.3.3 (custom) |
| TIBCO Software Inc. | TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric | Affected: unspecified, ≤ 2.3.3 (custom) |
Date Public ?
2021-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO API Exchange Gateway",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T17:06:08.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO API Exchange Gateway Clickjack Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-23274",
"STATE": "PUBLIC",
"TITLE": "TIBCO API Exchange Gateway Clickjack Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO API Exchange Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.3.3"
}
]
}
},
{
"product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.3.3"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23274",
"datePublished": "2021-03-23T16:55:12.144Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:58:25.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11208 (GCVE-0-2019-11208)
Vulnerability from nvd – Published: 2019-08-08 15:36 – Updated: 2024-09-17 02:53
Title
TIBCO API Exchange Processes OAuth Incorrectly
Summary
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
Severity ?
6.4 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.
Assigner
References
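| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange | x_refsource_CONFIRM |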
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO API Exchange Gateway | Affected: 2.3.1 and prior |
| TIBCO Software Inc. | TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric | Affected: 2.3.1 and prior |
Date Public ?
2019-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO API Exchange Gateway",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "2.3.1 and prior"
}
]
},
{
"product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "2.3.1 and prior"
}
]
}
],
"datePublic": "2019-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-08T15:36:52.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO API Exchange Processes OAuth Incorrectly",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-08-07T16:00:00.000Z",
"ID": "CVE-2019-11208",
"STATE": "PUBLIC",
"TITLE": "TIBCO API Exchange Processes OAuth Incorrectly"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO API Exchange Gateway",
"version": {
"version_data": [
{
"version_value": "2.3.1 and prior"
}
]
}
},
{
"product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_value": "2.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11208",
"datePublished": "2019-08-08T15:36:52.668Z",
"dateReserved": "2019-04-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:53:22.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23274 (GCVE-0-2021-23274)
Vulnerability from cvelistv5 – Published: 2021-03-23 16:55 – Updated: 2024-09-16 21:58
Title
TIBCO API Exchange Gateway Clickjack Vulnerability
Summary
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
Severity ?
9.8 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.
Assigner
References
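| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway | x_refsource_CONFIRM |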
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO API Exchange Gateway | Affected: unspecified, ≤ 2.3.3 (custom) |
| TIBCO Software Inc. | TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric | Affected: unspecified, ≤ 2.3.3 (custom) |
Date Public ?
2021-03-23 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO API Exchange Gateway",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "2.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-03-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-23T17:06:08.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO API Exchange Gateway Clickjack Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-23T17:00:00Z",
"ID": "CVE-2021-23274",
"STATE": "PUBLIC",
"TITLE": "TIBCO API Exchange Gateway Clickjack Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO API Exchange Gateway",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.3.3"
}
]
}
},
{
"product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "2.3.3"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23274",
"datePublished": "2021-03-23T16:55:12.144Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:58:25.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11208 (GCVE-0-2019-11208)
Vulnerability from cvelistv5 – Published: 2019-08-08 15:36 – Updated: 2024-09-17 02:53
Title
TIBCO API Exchange Processes OAuth Incorrectly
Summary
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
Severity ?
6.4 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.
Assigner
References
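| URL | Tags |
|---|---|
| http://www.tibco.com/services/support/advisories | x_refsource_MISC |
| https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange | x_refsource_CONFIRM |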
Impacted products
| Vendor | Product | Version |
|---|---|---|
| TIBCO Software Inc. | TIBCO API Exchange Gateway | Affected: 2.3.1 and prior |
| TIBCO Software Inc. | TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric | Affected: 2.3.1 and prior |
Date Public ?
2019-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.008Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO API Exchange Gateway",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "2.3.1 and prior"
}
]
},
{
"product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "2.3.1 and prior"
}
]
}
],
"datePublic": "2019-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-08T15:36:52.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO API Exchange Processes OAuth Incorrectly",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-08-07T16:00:00.000Z",
"ID": "CVE-2019-11208",
"STATE": "PUBLIC",
"TITLE": "TIBCO API Exchange Processes OAuth Incorrectly"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO API Exchange Gateway",
"version": {
"version_data": [
{
"version_value": "2.3.1 and prior"
}
]
}
},
{
"product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"version_value": "2.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11208",
"datePublished": "2019-08-08T15:36:52.668Z",
"dateReserved": "2019-04-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:53:22.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}