Security Advisory regarding TIBCO BusinessConnect Container Edition

Security Advisory regarding TIBCO BusinessConnect Container Edition

book

Article ID: KB0107984

calendar_today

Updated On:

Products Versions
TIBCO BusinessConnect Container Edition 1.1.0

Description

TIBCO BusinessConnect Container Edition administrative username and passwords
leakage

  Original release date: February 15, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an easily exploitable vulnerability that
  allows an unauthenticated attacker with local access to obtain administrative
  usernames and passwords for the affected system.


Impact

  Successful execution of this vulnerability can result in an attacker gaining
  full administrative access to the components of the affected system.

  CVSS v3 Base Score: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Environment

TIBCO BusinessConnect Container Edition versions 1.1.0 and below The following component is affected: * Auth Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO BusinessConnect Container Edition versions 1.1.0 and below update to
    version 1.1.1 or later
 

Issue/Introduction

Security Advisory regarding TIBCO BusinessConnect Container Edition administrative username and passwords leakage

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-43050