CVE-2021-43046 Vulnerability Details

  /     /     /  

CVE-2021-43046 Metadata Quick Info

CVE Published: 16/11/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: tibco | Vendor: TIBCO Software Inc. | Product: TIBCO PartnerExpress
Status : PUBLISHED

CVE-2021-43046 Description

The Interior Server and Gateway Server components of TIBCO Software Inc.\'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\'s TIBCO PartnerExpress: versions 6.2.1 and below.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: In the worst case, if the victim is a privileged administrator, successful execution of this vulnerability can result in an attacker gaining full administrative access to the affected system.
Source: TIBCO Software Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2021-43046 Vulnerability Details