CVE-2021-23274— TIBCO API Exchange Gateway Clickjack Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-23274
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TIBCO API Exchange Gateway Clickjack Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TIBCO Software TIBCO API Exchange Gateway 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TIBCO Software TIBCO API Exchange Gateway是美国 (TIBCO Software)公司的一个应用程序。提供了用于管理企业API的中央访问点,并在内部和外部服务,系统和设备之间提供了中介程序。 TIBCO API Exchange Gateway versions 2.3.3 and below 存在安全漏洞,该漏洞允许未经身份验证的网络访问攻击者可利用该漏洞对受影响的系统执行点击劫持攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO API Exchange Gateway | unspecified ~ 2.3.3 | - | |
| TIBCO Software Inc. | TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric | unspecified ~ 2.3.3 | - |
II. Public POCs for CVE-2021-23274
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-23274
请登录查看更多情报信息。
- http://www.tibco.com/services/support/advisoriesx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-23274
Same Patch Batch · TIBCO Software Inc. · 2021-03-23 · 9 CVEs total
| CVE-2021-28817 | 8.8 HIGH | TIBCO Rendezvous Windows Platform Installation vulnerability |
| CVE-2021-28818 | 8.8 HIGH | TIBCO Rendezvous Windows Platform Artifact Search vulnerability |
| CVE-2021-28819 | 8.8 HIGH | TIBCO FTL Windows Platform Installation vulnerability |
| CVE-2021-28820 | 8.8 HIGH | TIBCO FTL Windows Platform Artifact Search vulnerability |
| CVE-2021-28821 | 8.8 HIGH | TIBCO Enterprise Message Service Windows Platform Installation vulnerability |
| CVE-2021-28822 | 8.8 HIGH | TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability |
| CVE-2021-28823 | 8.8 HIGH | TIBCO eFTL Windows Platform Installation vulnerability |
| CVE-2021-28824 | 8.8 HIGH | TIBCO ActiveSpaces Windows Platform Installation vulnerability |
IV. Related Vulnerabilities
Same vendor: TIBCO Software Inc.
- CVE-2024-1137
TIBCO ActiveSpaces Information Leak Vulnerability - CVE-2024-1138
TIBCO FTL Privilege Escalation - CVE-2023-26222
TIBCO EBX Cross-site Scripting (XXS) Vulnerability - CVE-2023-26221
TIBCO Spotfire Insufficiently Protected Credential vulnerabi - CVE-2023-26219
TIBCO Operational Intelligence Hawk RedTail Credential Expos
V. Comments for CVE-2021-23274
No comments yet