Session Fixation Vulnerability in TIBCO iProcess Engine and Workspace
CVE-2011-2021

Currently unrated

Key Information:

Vendor: Tibco
Status: Iprocess Engine
Vendor: CVE Published:; 20 May 2011

Summary

A session fixation vulnerability exists in TIBCO iProcess Engine prior to version 11.1.3 and TIBCO iProcess Workspace prior to version 11.3.1. This flaw allows remote attackers to hijack user web sessions through undisclosed vectors, potentially leading to unauthorized access and control over user sessions.

References

http://www.tibco.com/services/support/advisories/iprocess...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/67538

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/47921

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 20, 2011
Vulnerability Reserved
May 9, 2011