Vulnerability Description
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Api Exchange Gateway | <= 2.3.1 |
References
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-Issue TrackingVendor Advisory
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-Issue TrackingVendor Advisory
FAQ
What is CVE-2019-11208?
CVE-2019-11208 is a vulnerability with a CVSS score of 9.9 (CRITICAL). The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically process...
How severe is CVE-2019-11208?
CVE-2019-11208 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-11208?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Api Exchange Gateway.