CVE-2019-11208 Information

Description

The authorization component of TIBCO Software Inc.’s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly leading to potential escalation of privileges for the specific customer endpoint when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.’s TIBCO API Exchange Gateway version 2.3.1 and prior versions and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Reference

http://www.tibco.com/services/support/advisories

https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.9

Base Severity

CRITICAL
