CVE-2019-11208

Summary

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO API Exchange Gateway2.3.1 and prioraffected
TIBCO Software Inc.TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric2.3.1 and prioraffected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.

ADP Enrichment

CVE Program Container

Additional References

References