First published: Tue Nov 16 2021(Updated: )
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
Credit: security@tibco.com security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO PartnerExpress | <=6.2.1 | |
<=6.2.1 |
TIBCO has released updated versions of the affected components which address these issues. TIBCO PartnerExpress versions 6.2.1 and below update to version 6.2.2 or later
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43048 is a vulnerability in the Interior Server and Gateway Server components of TIBCO PartnerExpress that could allow an unauthenticated attacker to execute a clickjacking attack.
The severity of CVE-2021-43048 is critical with a CVSS score of 9.8.
CVE-2021-43048 affects TIBCO PartnerExpress versions up to and including 6.2.1.
Yes, TIBCO Software Inc. has released advisories with instructions on how to mitigate the vulnerability.
You can find more information about CVE-2021-43048 in the advisories published by TIBCO Software Inc.