{
    "CVE_data_meta": {
        "ASSIGNER": "security@tibco.com",
        "DATE_PUBLIC": "2022-02-15T17:00:00Z",
        "ID": "CVE-2021-43050",
        "STATE": "PUBLIC",
        "TITLE": "TIBCO BusinessConnect Container Edition administrative username and passwords leakage"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "TIBCO BusinessConnect Container Edition",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_value": "1.1.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "TIBCO Software Inc."
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system."
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://www.tibco.com/services/support/advisories",
                "refsource": "CONFIRM",
                "url": "https://www.tibco.com/services/support/advisories"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050",
                "url": "https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"
            }
        ]
    },
    "solution": [
        {
            "lang": "eng",
            "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"
        }
    ],
    "source": {
        "discovery": "USER"
    }
}