Security Advisory regarding TIBCO PartnerExpress
Article ID: KB0108030
Updated On:
| Products | Versions |
|---|---|
| TIBCO PartnerExpress | 6.2.0 |
Description
TIBCO PartnerExpress REST API
Original release date: December 15, 2020
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows
an unauthenticated attacker with network access to obtain an authenticated
login URL for the affected system via a REST API.
Impact
Successful execution of this vulnerability can result in unauthorized read
access to a subset of PartnerExpress data, as well as unauthorized update,
insert or delete access to a subset of PartnerExpress data on the affected
system.
CVSS v3 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
Environment
Systems Affected
TIBCO PartnerExpress version 6.2.0
The following component is affected:
* REST API
Resolution
Solution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO PartnerExpress version 6.2.0 update to version 6.2.1 or higher
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO PartnerExpress version 6.2.0 update to version 6.2.1 or higher
Issue/Introduction
Security Advisory regarding TIBCO PartnerExpress REST API
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2020-27147
CVE-2020-27147
Feedback
Yes
No
Powered by
