Vulnerabilities > CVE-2021-23274 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tibco

CWE-1021

critical

NVD

Published: 2021-03-23

Updated: 2023-11-07

Summary

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco API Exchange Gateway Distribution 2.1.0 Tibco API Exchange Gateway Distribution 2.1.1 Tibco API Exchange Gateway Distribution 2.2.0 Tibco API Exchange Gateway Distribution 2.2.1 Tibco API Exchange Gateway Distribution 2.3.3 Tibco API Exchange Gateway - Tibco API Exchange Gateway 2.0.0 Tibco API Exchange Gateway 2.1.0 Tibco API Exchange Gateway 2.1.1 Tibco API Exchange Gateway 2.2.0 Tibco API Exchange Gateway 2.2.1 Tibco API Exchange Gateway 2.3.0 Tibco API Exchange Gateway 2.3.1 Tibco API Exchange Gateway 2.3.2 Tibco API Exchange Gateway 2.3.3	17

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References