TIBCO PartnerExpress REST API

  Original release date: December 15, 2020
  Last revised: ---
  Source: TIBCO Software Inc.


Systems Affected

  TIBCO PartnerExpress version 6.2.0

  The following component is affected:

    * REST API


Description

  The component listed above contains a vulnerability that theoretically allows
  an unauthenticated attacker with network access to obtain an authenticated
  login URL for the affected system via a REST API.


Impact

  Successful execution of this vulnerability can result in unauthorized read
  access to a subset of PartnerExpress data, as well as unauthorized update,
  insert or delete access to a subset of PartnerExpress data on the affected
  system.

  CVSS v3 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)


Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO PartnerExpress version 6.2.0 update to version 6.2.1 or higher


References

  http://www.tibco.com/services/support/advisories
  CVE-2020-27147