TIBCO PartnerExpress REST API
CVE-2020-27147

6.5MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Partnerexpress
Vendor: CVE Published:; 15 December 2020

Summary

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: version 6.2.0.

Affected Version(s)

TIBCO PartnerExpress 6.2.0

References

http://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2020/12/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 15, 2020
Vulnerability Reserved
Oct 14, 2020