History: Oct 13, 2021 - 4:55 p.m.

CVE-2021-35498 TIBCO EBX Insecure Login Mechanism

2021-10-13 16:55:10
tibco
www.cve.org
tibco ebx
insecure login mechanism
vulnerability
web server component
tibco software inc.
affected releases

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.002
Percentile: 64.8%

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that, under certain specific conditions, allows an attacker to enter a password other than the legitimate password and have it accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below; TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14; TIBCO EBX: versions 6.0.0 and 6.0.1; and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.

CNA Affected

[
  {
    "product": "TIBCO EBX",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.8.123",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO EBX",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "5.9.3"
      },
      {
        "status": "affected",
        "version": "5.9.4"
      },
      {
        "status": "affected",
        "version": "5.9.5"
      },
      {
        "status": "affected",
        "version": "5.9.6"
      },
      {
        "status": "affected",
        "version": "5.9.7"
      },
      {
        "status": "affected",
        "version": "5.9.8"
      },
      {
        "status": "affected",
        "version": "5.9.9"
      },
      {
        "status": "affected",
        "version": "5.9.10"
      },
      {
        "status": "affected",
        "version": "5.9.11"
      },
      {
        "status": "affected",
        "version": "5.9.12"
      },
      {
        "status": "affected",
        "version": "5.9.13"
      },
      {
        "status": "affected",
        "version": "5.9.14"
      }
    ]
  },
  {
    "product": "TIBCO EBX",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.0.0"
      },
      {
        "status": "affected",
        "version": "6.0.1"
      }
    ]
  },
  {
    "product": "TIBCO Product and Service Catalog powered by TIBCO EBX",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "1.0.0"
      }
    ]
  }
]
