Vulnerability Details CVE-2021-23274
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway
Products affected by CVE-2021-23274
-
cpe:2.3:a:tibco:api_exchange_gateway:-
-
cpe:2.3:a:tibco:api_exchange_gateway:2.0.0
-
cpe:2.3:a:tibco:api_exchange_gateway:2.1.0
-
cpe:2.3:a:tibco:api_exchange_gateway:2.1.1
-
cpe:2.3:a:tibco:api_exchange_gateway:2.2.0
-
cpe:2.3:a:tibco:api_exchange_gateway:2.2.1
-
cpe:2.3:a:tibco:api_exchange_gateway:2.3.0
-
cpe:2.3:a:tibco:api_exchange_gateway:2.3.1
-
cpe:2.3:a:tibco:api_exchange_gateway:2.3.2
-
cpe:2.3:a:tibco:api_exchange_gateway:2.3.3
-
cpe:2.3:a:tibco:api_exchange_gateway_distribution:2.1.0
-
cpe:2.3:a:tibco:api_exchange_gateway_distribution:2.1.1
-
cpe:2.3:a:tibco:api_exchange_gateway_distribution:2.2.0
-
cpe:2.3:a:tibco:api_exchange_gateway_distribution:2.2.1
-
cpe:2.3:a:tibco:api_exchange_gateway_distribution:2.3.3