Description
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.tibco.com/services/support/advisories
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43046
Scores
CVSS v3
7.5
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
Status
published
Products (1)
tibco/partnerexpress
< 6.2.1
Published
Nov 16, 2021
Tracked Since
Feb 18, 2026