CVE-2019-11208 (api_exchange_gateway)

The authorization component of TIBCO Software Inc.’s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.’s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.

View Full Alert

Related Posts

  • CVE-2019-9039 (sync_gateway)

    The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public…

  • CVE-2019-13590 (sound_exchange)

    An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the…

  • CVE-2019-9673 (freenet)

    Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI.