Vulnerabilities (CVE)

Filtered by vendor Tibco Subscribe
Filtered by product Api Exchange Gateway
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23274 1 Tibco 2 Api Exchange Gateway, Api Exchange Gateway Distribution 2024-11-21 7.5 HIGH 9.8 CRITICAL
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.
CVE-2019-11208 1 Tibco 1 Api Exchange Gateway 2024-11-21 6.5 MEDIUM 9.9 CRITICAL
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.