TIBCO PartnerExpress Session Token in URL
CVE-2021-43046

7.5HIGH

Key Information:

Vendor: Tibco
Status: Tibco Partnerexpress
Vendor: CVE Published:; 16 November 2021

Summary

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.

Affected Version(s)

TIBCO PartnerExpress <= 6.2.1

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2021/11/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2021
Vulnerability Reserved
Oct 27, 2021