Vulnerability Description
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Ebx | < 5.8.124 |
| Tibco | Product And Service Catalog Powered By Tibco Ebx | 1.0.0 |
Related Weaknesses (CWE)
References
- https://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-octoberVendor Advisory
- https://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-octoberVendor Advisory
FAQ
What is CVE-2021-35498?
CVE-2021-35498 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain spec...
How severe is CVE-2021-35498?
CVE-2021-35498 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-35498?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Ebx, Tibco Product And Service Catalog Powered By Tibco Ebx.