Lucene search

TibcoCVELIST:CVE-2021-43049

HistoryFeb 15, 2022 - 5:55 p.m.

CVE-2021-43049 TIBCO BusinessConnect Container Edition username and password leakage

2022-02-1517:55:11

tibco

www.cve.org

cve-2021-43049

tibco businessconnect

container edition

database component

username and password leakage

vulnerability

unauthenticated attacker

network access

usernames and passwords

affected releases

tibco software inc.

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.5%

JSON

The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.

CNA Affected

[
  {
    "product": "TIBCO BusinessConnect Container Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "1.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

60.5%

JSON

Related for CVELIST:CVE-2021-43049