CVE-2021-35498

{"id": "CVE-2021-35498", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-10-13T17:15:07.407", "references": [{"url": "https://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-13-2021-tibco-ebx-2021-35498", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0."}, {"lang": "es", "value": "El componente TIBCO EBX Web Server de TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, y TIBCO Product and Service Catalog powered by TIBCO EBX contiene una vulnerabilidad que, bajo determinadas condiciones espec\u00edficas, permite a un atacante introducir una contrase\u00f1a distinta a la leg\u00edtima y que sea aceptada como v\u00e1lida. Las versiones afectadas son TIBCO Software Inc.'s TIBCO EBX: versiones 5.8.123 y por debajo, TIBCO EBX: versiones 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5. 9.10, 5.9.11, 5.9.12, 5.9.13 y 5.9.14, TIBCO EBX: versiones 6.0.0 y 6.0.1, y TIBCO Product and Service Catalog powered by TIBCO EBX: versi\u00f3n 1.0.0"}], "lastModified": "2023-11-07T03:36:32.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9604AC-5D15-478D-B293-91A4E9A6270F", "versionEndExcluding": "5.8.124"}, {"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EA4F49B-3B5C-4807-A944-A6A29146D900", "versionEndExcluding": "5.9.15", "versionStartIncluding": "5.9.3"}, {"criteria": "cpe:2.3:a:tibco:ebx:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5429D79-2907-4266-B0F5-FE48274851D2", "versionEndExcluding": "6.0.2", "versionStartIncluding": "6.0.0"}, {"criteria": "cpe:2.3:a:tibco:product_and_service_catalog_powered_by_tibco_ebx:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4127EFED-F9A1-4898-8626-BED0A29C07EC"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}