Unrated severity · NVD Advisory · Published Aug 8, 2019 · Updated Sep 17, 2024
TIBCO API Exchange Processes OAuth Incorrectly
CVE-2019-11208
Description
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint when the implementation uses multiple scopes. This issue affects TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
Affected products (4)
<=2.3.1 + 1 more
- (no CPE) range: <=2.3.1
- (no CPE) range: 2.3.1 and prior
<=2.3.1 + 1 more
- (no CPE) range: <=2.3.1
- (no CPE) range: 2.3.1 and prior
References (2)
- www.tibco.com/services/support/advisories (mitre, x_refsource_MISC)
- www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange (mitre, x_refsource_CONFIRM)