TIBCO BusinessConnect Container Edition information disclosure | CVE-2021-43050
NAME
TIBCO BusinessConnect Container Edition information disclosure
- Platforms Affected:
TIBCO BusinessConnect Container Edition 1.1.0 - Risk Level:
9.8 - Exploitability:
Unproven - Consequences:
Obtain Information
DESCRIPTION
TIBCO BusinessConnect Container Edition could allow a remote attacker to obtain sensitive information, caused by a flaw in the Auth Server component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain the administrative usernames and passwords of user on the system, and use this information to launch further attacks against the affected system.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer to TIBCO Security Advisory: February 15, 2022 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050 - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43050
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.