Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for api_exchange_gateway by tibco

    CVE-2021-23274 (GCVE-0-2021-23274)

    Vulnerability from nvd – Published: 2021-03-23 16:55 – Updated: 2024-09-16 21:58
    VLAI
    Title
    TIBCO API Exchange Gateway Clickjack Vulnerability
    Summary
    The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
    CWE
    • The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Date Public
    2021-03-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO API Exchange Gateway",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-23T17:06:08.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO API Exchange Gateway Clickjack Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2021-03-23T17:00:00Z",
              "ID": "CVE-2021-23274",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO API Exchange Gateway Clickjack Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO API Exchange Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-23274",
        "datePublished": "2021-03-23T16:55:12.144Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:58:25.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11208 (GCVE-0-2019-11208)

    Vulnerability from nvd – Published: 2019-08-08 15:36 – Updated: 2024-09-17 02:53
    VLAI
    Title
    TIBCO API Exchange Processes OAuth Incorrectly
    Summary
    The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
    CWE
    • The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.
    Assigner
    References
    Date Public
    2019-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO API Exchange Gateway",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.1 and prior"
                }
              ]
            },
            {
              "product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.1 and prior"
                }
              ]
            }
          ],
          "datePublic": "2019-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-08T15:36:52.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO API Exchange Processes OAuth Incorrectly",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2019-08-07T16:00:00.000Z",
              "ID": "CVE-2019-11208",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO API Exchange Processes OAuth Incorrectly"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO API Exchange Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.3.1 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.3.1 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "MISC",
                  "url": "http://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2019-11208",
        "datePublished": "2019-08-08T15:36:52.668Z",
        "dateReserved": "2019-04-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:53:22.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23274 (GCVE-0-2021-23274)

    Vulnerability from cvelistv5 – Published: 2021-03-23 16:55 – Updated: 2024-09-16 21:58
    VLAI
    Title
    TIBCO API Exchange Gateway Clickjack Vulnerability
    Summary
    The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
    CWE
    • The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.
    Assigner
    References
    Impacted products
    Date Public
    2021-03-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.616Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO API Exchange Gateway",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "lessThanOrEqual": "2.3.3",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-03-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-23T17:06:08.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO API Exchange Gateway Clickjack Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2021-03-23T17:00:00Z",
              "ID": "CVE-2021-23274",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO API Exchange Gateway Clickjack Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO API Exchange Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.3.3"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "2.3.3"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Config UI component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "CONFIRM",
                  "url": "http://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2021-23274",
        "datePublished": "2021-03-23T16:55:12.144Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-16T21:58:25.614Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-11208 (GCVE-0-2019-11208)

    Vulnerability from cvelistv5 – Published: 2019-08-08 15:36 – Updated: 2024-09-17 02:53
    VLAI
    Title
    TIBCO API Exchange Processes OAuth Incorrectly
    Summary
    The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
    CWE
    • The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.
    Assigner
    References
    Date Public
    2019-08-07 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T22:48:09.008Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.tibco.com/services/support/advisories"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TIBCO API Exchange Gateway",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.1 and prior"
                }
              ]
            },
            {
              "product": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
              "vendor": "TIBCO Software Inc.",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.3.1 and prior"
                }
              ]
            }
          ],
          "datePublic": "2019-08-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-08-08T15:36:52.000Z",
            "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
            "shortName": "tibco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.tibco.com/services/support/advisories"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "TIBCO API Exchange Processes OAuth Incorrectly",
          "x_generator": {
            "engine": "Vulnogram 0.0.7"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@tibco.com",
              "DATE_PUBLIC": "2019-08-07T16:00:00.000Z",
              "ID": "CVE-2019-11208",
              "STATE": "PUBLIC",
              "TITLE": "TIBCO API Exchange Processes OAuth Incorrectly"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TIBCO API Exchange Gateway",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.3.1 and prior"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "2.3.1 and prior"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The authorization component of TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.\u0027s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.7"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.tibco.com/services/support/advisories",
                  "refsource": "MISC",
                  "url": "http://www.tibco.com/services/support/advisories"
                },
                {
                  "name": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange",
                  "refsource": "CONFIRM",
                  "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher\nTIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher"
              }
            ],
            "source": {
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "assignerShortName": "tibco",
        "cveId": "CVE-2019-11208",
        "datePublished": "2019-08-08T15:36:52.668Z",
        "dateReserved": "2019-04-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:53:22.304Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }