Security Advisory Regarding TIBCO API Exchange

Article ID: KB0108064

Products and Versions
TIBCO API Exchange 2.3.1 and below

Description

TIBCO API Exchange Processes OAuth Incorrectly

  Original release date: August 7, 2019
  Last revised: ---
  Source: TIBCO Software Inc.


Description

  The component listed above contains a vulnerability that may cause OAuth
  authorization to be processed incorrectly when an implementation uses
  multiple scopes, potentially leading to an escalation of privileges on the
  affected customer endpoint.


Impact

  The impact of this vulnerability includes the theoretical possibility that an
  attacker could gain access to all scopes defined for a given customer
  endpoint.

  CVSS v3 Base Score: 6.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Environment

  Systems Affected:

    TIBCO API Exchange Gateway versions 2.3.1 and below

    TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions
      2.3.1 and below

  The following component is affected:

    * authorization

Resolution

Solution

  TIBCO has released updated versions of the affected systems which address
  this issue.

  TIBCO API Exchange Gateway versions 2.3.1 and below: update to version 2.3.2
    or higher

  TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions
    2.3.1 and below: update to version 2.3.2 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-11208