Vulnerabilities > CVE-2021-43048 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco Partnerexpress

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

tibco

CWE-1021

critical

NVD

Published: 2021-11-16

Updated: 2021-11-19

Summary

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Partnerexpress 6.0.0 Tibco Partnerexpress 6.1.0 Tibco Partnerexpress 6.2.0 Tibco Partnerexpress 6.2.1	4

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References