Security Advisory regarding TIBCO PartnerExpress
Article ID: KB0108001
Updated On:
| Products | Versions |
|---|---|
| TIBCO PartnerExpress | 6.2.1 |
Description
IBCO PartnerExpress Click-Jacking vulnerability
Original release date: November 16, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The components listed above contain a vulnerability that theoretically allows
an unauthenticated attacker with network access to execute a clickjacking
attack on the affected system. A successful attack using this vulnerability
does not require human interaction from a person other than the attacker.
Impact
The impact of this vulnerability includes the theoretical possibility that an
attacker gains full administrative access to the affected system.
CVSS v3 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Original release date: November 16, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The components listed above contain a vulnerability that theoretically allows
an unauthenticated attacker with network access to execute a clickjacking
attack on the affected system. A successful attack using this vulnerability
does not require human interaction from a person other than the attacker.
Impact
The impact of this vulnerability includes the theoretical possibility that an
attacker gains full administrative access to the affected system.
CVSS v3 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Issue/Introduction
Security Advisory regarding TIBCO PartnerExpress Click-Jacking vulnerability
Environment
Products Affected
TIBCO PartnerExpress versions 6.2.1 and below
The following components are affected:
* Interior Server
* Gateway Server
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO PartnerExpress versions 6.2.1 and below update to version 6.2.2 or
later
issue:
TIBCO PartnerExpress versions 6.2.1 and below update to version 6.2.2 or
later
Additional Information
https://www.tibco.com/services/support/advisories
CVE-2021-43048
CVE-2021-43048
Feedback
Yes
No
Powered by
