TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: March 23, 2021 - TIBCO API Exchange Gateway
- TIBCO API Exchange Gateway versions 2.3.3 and below
- TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below
The following component is affected:
- Config UI
The component listed above contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker.
The impact of this vulnerability includes the theoretical possibility that an attacker gains full administrative access to the affected system.
CVSS v3 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO API Exchange Gateway versions 2.3.3 and below update to version 2.4.0 or higher
- TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.3 and below update to version 2.4.0 or higher