PT-2019-12186 · Tibco · Tibco Silver Fabric+1
Published: 2019-08-08 · Updated: 2023-03-29 · CVE-2019-11208
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
TIBCO API Exchange Gateway versions 2.3.1 and prior versions
TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and prior versions
Description
The authorization component of TIBCO API Exchange Gateway contains a vulnerability in which OAuth authorization is, theoretically, processed incorrectly when the implementation uses multiple scopes, leading to potential escalation of privileges for the specific customer endpoint.
Recommendations
For TIBCO API Exchange Gateway versions 2.3.1 and prior versions, update to a version that fixes the OAuth authorization issue.
For TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and prior versions, update to a version that fixes the OAuth authorization issue.
Related Identifiers
Affected Products
Tibco Api Exchange Gateway
Tibco Silver Fabric