Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for TIBCO BusinessConnect Container Edition by TIBCO Software Inc.

    CVE-2021-43050 (GCVE-0-2021-43050)

    Vulnerability from nvd – Published: 2022-02-15 17:55 – Updated: 2024-09-17 00:06
    VLAI
    Title
    TIBCO BusinessConnect Container Edition administrative username and passwords leakage
    Summary
    The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
    CWE
    • Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Container Edition Affected: unspecified , ≤ 1.1.0 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:47:13.628Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Container Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-15T18:06:16.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-02-15T17:00:00Z",
              "ID": "CVE-2021-43050",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Container Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-43050",
        "datePublished": "2022-02-15T17:55:12.755Z",
        "dateReserved": "2021-10-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:19.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43049 (GCVE-0-2021-43049)

    Vulnerability from nvd – Published: 2022-02-15 17:55 – Updated: 2024-09-17 01:40
    VLAI
    Title
    TIBCO BusinessConnect Container Edition username and password leakage
    Summary
    The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Container Edition Affected: unspecified , ≤ 1.1.0 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:47:13.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Container Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-15T18:06:14.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO BusinessConnect Container Edition username and password leakage",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-02-15T17:00:00Z",
              "ID": "CVE-2021-43049",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Container Edition username and password leakage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Container Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-43049",
        "datePublished": "2022-02-15T17:55:11.326Z",
        "dateReserved": "2021-10-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:40:32.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43050 (GCVE-0-2021-43050)

    Vulnerability from cvelistv5 – Published: 2022-02-15 17:55 – Updated: 2024-09-17 00:06
    VLAI
    Title
    TIBCO BusinessConnect Container Edition administrative username and passwords leakage
    Summary
    The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
    CWE
    • Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Container Edition Affected: unspecified , ≤ 1.1.0 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:47:13.628Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Container Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-15T18:06:16.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
            }
          ],
          "source": {
            "discovery": "USER"
          },
          "title": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-02-15T17:00:00Z",
              "ID": "CVE-2021-43050",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Container Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Auth Server component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
              }
            ],
            "source": {
              "discovery": "USER"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-43050",
        "datePublished": "2022-02-15T17:55:12.755Z",
        "dateReserved": "2021-10-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:06:19.636Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43049 (GCVE-0-2021-43049)

    Vulnerability from cvelistv5 – Published: 2022-02-15 17:55 – Updated: 2024-09-17 01:40
    VLAI
    Title
    TIBCO BusinessConnect Container Edition username and password leakage
    Summary
    The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.
    CWE
    • In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Vendor Product Version
    TIBCO Software Inc. TIBCO BusinessConnect Container Edition Affected: unspecified , ≤ 1.1.0 (custom)
    Create a notification for this product.
    Date Public
    2022-02-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:47:13.252Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO BusinessConnect Container Edition",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "1.1.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2022-02-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-02-15T18:06:14.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO BusinessConnect Container Edition username and password leakage",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2022-02-15T17:00:00Z",
              "ID": "CVE-2021-43049",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO BusinessConnect Container Edition username and password leakage"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO BusinessConnect Container Edition",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Database component of TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-43049",
        "datePublished": "2022-02-15T17:55:11.326Z",
        "dateReserved": "2021-10-27T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:40:32.611Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }