Lucene search

MitreCVE-2011-2021

HistoryMay 20, 2011 - 10:55 p.m.

CVE-2011-2021

2011-05-2022:55:05

mitre

web.nvd.nist.gov

cve-2011-2021

session fixation

tibco iprocess engine

tibco iprocess workspace

remote attackers

web sessions

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

75.7%

JSON

Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.

Affected configurations

Nvd

Node

tibcoiprocess_engineRange≤11.1.2

tibcoiprocess_engineMatch10.3.0

tibcoiprocess_engineMatch10.3.1

tibcoiprocess_engineMatch10.3.2

tibcoiprocess_engineMatch10.3.3

tibcoiprocess_engineMatch10.3.4

tibcoiprocess_engineMatch10.3.5

tibcoiprocess_engineMatch10.4

tibcoiprocess_engineMatch10.4.1

tibcoiprocess_engineMatch10.5

tibcoiprocess_engineMatch10.6

tibcoiprocess_engineMatch10.6.0

tibcoiprocess_engineMatch10.6.1

tibcoiprocess_engineMatch10.6.2

tibcoiprocess_engineMatch11.0

tibcoiprocess_engineMatch11.1.1

Node

tibcoiprocess_workspaceRange≤11.3

tibcoiprocess_workspaceMatch11.0

tibcoiprocess_workspaceMatch11.1

tibcoiprocess_workspaceMatch11.2

VendorProductVersionCPE
tibcoiprocess_engine*cpe:2.3:a:tibco:iprocess_engine:*:*:*:*:*:*:*:*
tibcoiprocess_engine10.3.0cpe:2.3:a:tibco:iprocess_engine:10.3.0:*:*:*:*:*:*:*
tibcoiprocess_engine10.3.1cpe:2.3:a:tibco:iprocess_engine:10.3.1:*:*:*:*:*:*:*
tibcoiprocess_engine10.3.2cpe:2.3:a:tibco:iprocess_engine:10.3.2:*:*:*:*:*:*:*
tibcoiprocess_engine10.3.3cpe:2.3:a:tibco:iprocess_engine:10.3.3:*:*:*:*:*:*:*
tibcoiprocess_engine10.3.4cpe:2.3:a:tibco:iprocess_engine:10.3.4:*:*:*:*:*:*:*
tibcoiprocess_engine10.3.5cpe:2.3:a:tibco:iprocess_engine:10.3.5:*:*:*:*:*:*:*
tibcoiprocess_engine10.4cpe:2.3:a:tibco:iprocess_engine:10.4:*:*:*:*:*:*:*
tibcoiprocess_engine10.4.1cpe:2.3:a:tibco:iprocess_engine:10.4.1:*:*:*:*:*:*:*
tibcoiprocess_engine10.5cpe:2.3:a:tibco:iprocess_engine:10.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	iprocess_engine	*	cpe:2.3:a:tibco:iprocess_engine::::::::
tibco	iprocess_engine	10.3.0	cpe:2.3:a:tibco:iprocess_engine:10.3.0:::::::*
tibco	iprocess_engine	10.3.1	cpe:2.3:a:tibco:iprocess_engine:10.3.1:::::::*
tibco	iprocess_engine	10.3.2	cpe:2.3:a:tibco:iprocess_engine:10.3.2:::::::*
tibco	iprocess_engine	10.3.3	cpe:2.3:a:tibco:iprocess_engine:10.3.3:::::::*
tibco	iprocess_engine	10.3.4	cpe:2.3:a:tibco:iprocess_engine:10.3.4:::::::*
tibco	iprocess_engine	10.3.5	cpe:2.3:a:tibco:iprocess_engine:10.3.5:::::::*
tibco	iprocess_engine	10.4	cpe:2.3:a:tibco:iprocess_engine:10.4:::::::*
tibco	iprocess_engine	10.4.1	cpe:2.3:a:tibco:iprocess_engine:10.4.1:::::::*
tibco	iprocess_engine	10.5	cpe:2.3:a:tibco:iprocess_engine:10.5:::::::*

Rows per page:

1-10 of 201

References

osvdb.org/72554

secunia.com/advisories/44639

www.securityfocus.com/bid/47921

www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt

www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp

www.vupen.com/english/advisories/2011/1272

exchange.xforce.ibmcloud.com/vulnerabilities/67538

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.9

Confidence

Low

EPSS

0.005

Percentile

75.7%

JSON

Related for CVE-2011-2021