CVE-2021-35498

Published: Oct 13, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.

Affected (4)

Products: Tibco: Ebx, Product And Service Catalog Powered By Tibco Ebx

2 products

Product And Service Catalog Powered By Tibco Ebx

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Tibco Ebx	Before 5.8.124
Tibco Ebx	From 5.9.3 to 5.9.15
Tibco Ebx	From 6.0.0 to 6.0.2
Tibco Product And Service Catalog Powered By Tibco Ebx	Version 1.0.0

Related CWEs

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

References (4)

https://www.tibco.com/services/support/advisories

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-13-2021-tibco-ebx-2021-35498

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/services/support/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-13-2021-tibco-ebx-2021-35498

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.