First published: Tue Nov 16 2021(Updated: )
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Credit: security@tibco.com security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO PartnerExpress | <=6.2.1 | |
<=6.2.1 |
TIBCO has released updated versions of the affected components which address these issues. TIBCO PartnerExpress versions 6.2.1 and below update to version 6.2.2 or later
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43046 is a vulnerability in TIBCO PartnerExpress that allows an unauthenticated attacker to obtain session tokens.
CVE-2021-43046 has a severity rating of critical with a score of 8.8.
CVE-2021-43046 affects TIBCO PartnerExpress version 6.2.1.
An attacker with network access can exploit CVE-2021-43046 to obtain session tokens for the affected system.
Yes, you can find more information about CVE-2021-43046 in the following references: [TIBCO Security Advisories](https://www.tibco.com/services/support/advisories) and [TIBCO Security Advisory November 16, 2021](https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43046).