PT-2020-16640 · Tibco Software · Tibco Partnerexpress

Published

2020-12-15

Updated

2021-07-21

CVE-2020-27147

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TIBCO PartnerExpress version 6.2.0

Description The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains an issue that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API.

Recommendations For version 6.2.0, consider restricting access to the REST API component until a patch is available. As a temporary workaround, consider disabling the REST API component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-27147

Affected Products

Tibco Partnerexpress

PT-2020-16640 · Tibco Software · Tibco Partnerexpress

CVE-2020-27147

Related Identifiers

Affected Products

References · 5