Vulnerability Description
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Api Exchange Gateway | <= 2.3.3 |
| Tibco | Api Exchange Gateway Distribution | <= 2.3.3 |
Related Weaknesses (CWE)
References
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-2Vendor Advisory
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-2Vendor Advisory
FAQ
What is CVE-2021-23274?
CVE-2021-23274 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an un...
How severe is CVE-2021-23274?
CVE-2021-23274 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-23274?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Api Exchange Gateway, Tibco Api Exchange Gateway Distribution.