TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: December 15, 2020 - TIBCO PartnerExpress
TIBCO PartnerExpress REST API
Original release date: December 15, 2020
Source: TIBCO Software Inc.
- TIBCO PartnerExpress version 6.2.0
The following component is affected:
- REST API
The component listed above contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API.
Successful execution of this vulnerability can result in unauthorized read access to a subset of PartnerExpress data, as well as unauthorized update, insert or delete access to a subset of PartnerExpress data on the affected system.
CVSS v3 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO PartnerExpress version 6.2.0: update to version 6.2.1 or higher