The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
References
Link | Resource |
---|---|
http://www.tibco.com/services/support/advisories | Vendor Advisory |
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: tibco
Published: 2019-08-07T00:00:00
Updated: 2019-08-08T15:36:52
Reserved: 2019-04-12T00:00:00
Link: CVE-2019-11208
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-08-08T16:15:11.103
Modified: 2023-03-29T16:20:40.710
Link: CVE-2019-11208
JSON object: View
Redhat Information
No data.
CWE