CVE-2019-11208
CRITICALTIBCO API Exchange Gateway <2.3.1 - Privilege Escalation
Title source: llmDescription
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
http://www.tibco.com/services/support/advisories
Issue Tracking, Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange
Scores
CVSS v3
9.9
EPSS
0.0017
EPSS Percentile
37.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Details
Status
published
Products (1)
tibco/api_exchange_gateway
< 2.3.1 (2 CPE variants)
Published
Aug 08, 2019
Tracked Since
Feb 18, 2026