TIBCO Security Advisory: October 13, 2021 - TIBCO EBX - 2021-35498
The following products are affected:
- TIBCO EBX versions 5.8.123 and below
- TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14
- TIBCO EBX versions 6.0.0 and 6.0.1
- TIBCO Product and Service Catalog powered by TIBCO EBX version 1.0.0
The following component is affected:
- TIBCO EBX Web Server
The component listed above contains a vulnerability that, under certain specific conditions, allows an attacker to enter a password other than the legitimate password and have it accepted as valid.
In the worst case, if the targeted account is a privileged administrator, successful exploitation of this vulnerability can result in an attacker gaining full administrative access to the affected system.
CVSS v3 Base Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO EBX versions 5.8.123 and below: update to version 5.8.124 or later
- TIBCO EBX versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14: update to version 5.9.15 or later
- TIBCO EBX versions 6.0.0 and 6.0.1: update to version 6.0.2 or later
- TIBCO Product and Service Catalog powered by TIBCO EBX version 1.0.0: update to version 1.1.0 or later
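
To check an inventory against the version lists above, the following added example (not part of the TIBCO advisory and not TIBCO code) classifies an installed version as affected, fixed, or not listed. The function names, status strings, and the assumption that versions are reported as `X.Y.Z` with an optional suffix are illustrative.

```python
import re

# Affected ranges and first fixed releases, transcribed from the advisory.
# Each row: (product, lowest affected, highest affected, first fixed release).
EBX = "TIBCO EBX"
PSC = "TIBCO Product and Service Catalog powered by TIBCO EBX"
ADVISORY = [
    (EBX, (0, 0, 0), (5, 8, 123), (5, 8, 124)),  # "5.8.123 and below"
    (EBX, (5, 9, 3), (5, 9, 14), (5, 9, 15)),
    (EBX, (6, 0, 0), (6, 0, 1), (6, 0, 2)),
    (PSC, (1, 0, 0), (1, 0, 0), (1, 1, 0)),
]


def parse_version(text):
    """Parse 'X.Y.Z' (assumed format; any trailing suffix is ignored)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def check(product, version):
    """Return (status, fixed_release_or_None) for one installed product."""
    v = parse_version(version)
    rows = [row for row in ADVISORY if row[0] == product]
    if not rows:
        return ("unknown-product", None)
    for _, low, high, fixed in rows:
        if low <= v <= high:
            return ("affected", ".".join(map(str, fixed)))
    # Outside every affected range: either at or past a fixed release, or a
    # version the advisory never mentions (for example 5.9.0 to 5.9.2).
    newest_fix = max(fixed for _, _, _, fixed in rows)
    for _, _, _, fixed in rows:
        if v[:2] == fixed[:2] and v >= fixed:
            return ("fixed", None)
    if v >= newest_fix:
        return ("fixed", None)
    return ("not-listed", None)


if __name__ == "__main__":
    # Constructed inventory entries, for illustration only.
    for product, version in [(EBX, "5.9.14"), (EBX, "5.9.2"), (PSC, "1.0.0")]:
        print(product, version, check(product, version))
```

A `not-listed` result means the advisory is silent on that version, so it should be confirmed with the vendor rather than treated as safe.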