CVE-2021-23274
TIBCO API Exchange Gateway Clickjack Vulnerability
Descriptions
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
Timeline
- 2021-01-08 CVE Reserved
- 2021-03-23 CVE Published
- 2023-12-07 EPSS Updated
- 2024-09-16 CVE Updated
CWE
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Tibco | Api Exchange Gateway | <= 2.3.3 | - | Affected |
Tibco | Api Exchange Gateway Distribution | <= 2.3.3 | silver_fabric | Affected |