TIBCO BusinessConnect Container Edition username and password leakage
CVE-2021-43049

9.8CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Businessconnect Container Edition
Vendor: CVE Published:; 15 February 2022

Summary

The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.

Affected Version(s)

TIBCO BusinessConnect Container Edition <= 1.1.0

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/01/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 15, 2022
Vulnerability Reserved
Oct 27, 2021