
CVE-2021-23274

TIBCO API Exchange Gateway Clickjack Vulnerability

  • Severity Score (CVSS v3.1): 9.8
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-01-08 CVE Reserved
  • 2021-03-23 CVE Published
  • 2023-12-07 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Tibco | Api Exchange Gateway | <= 2.3.3 | - | Affected |
| Tibco | Api Exchange Gateway Distribution | <= 2.3.3 | silver_fabric | Affected |