Vulnerability Details : CVE-2011-2021
Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.
Exploit prediction scoring system (EPSS) score for CVE-2011-2021
Probability of exploitation activity in the next 30 days: 0.47%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 72 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-2021
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2011-2021
-
http://www.vupen.com/english/advisories/2011/1272
Webmail | OVH- OVHVendor Advisory
-
http://www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp
TIBCO Security Advisory: May 18, 2011 - TIBCO iProcess | TIBCO SoftwareVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/67538
TIBCO iProcess Suite unspecified session hijacking CVE-2011-2021 Vulnerability Report
-
http://www.securityfocus.com/bid/47921
TIBCO iProcess Suite Session Fixation and Cross Site Scripting Vulnerabilities
-
http://www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt
Vendor Advisory
Products affected by CVE-2011-2021
- cpe:2.3:a:tibco:iprocess_engine:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.5:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.6:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.4:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:10.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_engine:11.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_workspace:*:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_workspace:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_workspace:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:iprocess_workspace:11.2:*:*:*:*:*:*:*