2 important vulnerabilities in TIBCO BusinessConnect Container Edition

Information security specialists report the detection of multiple vulnerabilities in TIBCO BusinessConnect Container Edition. According to the report, successful exploitation of these vulnerabilities would enable multiple attack variants.

Below are brief descriptions of the detected flaws, along with their respective CVE tracking identifiers and the scores assigned according to the Common Vulnerability Scoring System (CVSS).

CVE-2021-43050: The application does not correctly enforce security restrictions on the authentication server component, so threat actors could obtain administrative usernames and passwords and gain full access to the affected system.

This is a low severity flaw and received a CVSS score of 7.3/10.

CVE-2021-43049: The application does not enforce adequate security measures on the database component, which would allow remote attackers to obtain the usernames and passwords of highly privileged users and gain full access to the affected systems.

This is a critical vulnerability and received a CVSS score of 8.5/10.

According to reports, the flaws reside in TIBCO BusinessConnect Container Edition v1.1.0.

While the flaws can be exploited remotely by unauthenticated threat actors, no active exploitation attempts have been detected so far. Nevertheless, the developers of the tool recommend applying the available security patches as soon as possible.
