CVE-2021-35498

Summary

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO EBXunspecified <= 5.8.123affected
TIBCO Software Inc.TIBCO EBX5.9.3affected
TIBCO Software Inc.TIBCO EBX5.9.4affected
TIBCO Software Inc.TIBCO EBX5.9.5affected
TIBCO Software Inc.TIBCO EBX5.9.6affected
TIBCO Software Inc.TIBCO EBX5.9.7affected
TIBCO Software Inc.TIBCO EBX5.9.8affected
TIBCO Software Inc.TIBCO EBX5.9.9affected
TIBCO Software Inc.TIBCO EBX5.9.10affected
TIBCO Software Inc.TIBCO EBX5.9.11affected
TIBCO Software Inc.TIBCO EBX5.9.12affected
TIBCO Software Inc.TIBCO EBX5.9.13affected
TIBCO Software Inc.TIBCO EBX5.9.14affected
TIBCO Software Inc.TIBCO EBX6.0.0affected
TIBCO Software Inc.TIBCO EBX6.0.1affected
TIBCO Software Inc.TIBCO Product and Service Catalog powered by TIBCO EBX1.0.0affected

Weaknesses

  • In the worst case, if the targeted account is a privileged administrator, successful exploitation of this vulnerability can result in an attacker gaining full administrative access to the affected system.

ADP Enrichment

CVE Program Container

Additional References

References