{"api_version":"1","generated_at":"2026-04-23T06:31:30+00:00","cve":"CVE-2021-43050","urls":{"html":"https://cve.report/CVE-2021-43050","api":"https://cve.report/api/cve/CVE-2021-43050.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43050","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43050"},"summary":{"title":"CVE-2021-43050","description":"The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below.","state":"PUBLIC","assigner":"security@tibco.com","published_at":"2022-02-15 18:15:00","updated_at":"2022-02-23 20:46:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.tibco.com/services/support/advisories","name":"https://www.tibco.com/services/support/advisories","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Advisory | TIBCO Software","mime":"text/html","httpstatus":"403","archivestatus":"200"},{"url":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050","name":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"TIBCO Security Advisory: February 15, 2022 - TIBCO BusinessConnect Container Edition - 2021-43050 | TIBCO Software","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43050","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43050","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"43050","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"tibco","cpe5":"businessconnect","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"container","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security@tibco.com","DATE_PUBLIC":"2022-02-15T17:00:00Z","ID":"CVE-2021-43050","STATE":"PUBLIC","TITLE":"TIBCO BusinessConnect Container Edition administrative username and passwords leakage"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"TIBCO BusinessConnect Container Edition","version":{"version_data":[{"version_affected":"<=","version_value":"1.1.0"}]}}]},"vendor_name":"TIBCO Software Inc."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below."}]},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Successful execution of this vulnerability can result in an attacker gaining full administrative access to the components of the affected system."}]}]},"references":{"reference_data":[{"name":"https://www.tibco.com/services/support/advisories","refsource":"CONFIRM","url":"https://www.tibco.com/services/support/advisories"},{"refsource":"CONFIRM","name":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050","url":"https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050"}]},"solution":[{"lang":"eng","value":"TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO BusinessConnect Container Edition versions 1.1.0 and below update to version 1.1.1 or later"}],"source":{"discovery":"USER"}},"nvd":{"publishedDate":"2022-02-15 18:15:00","lastModifiedDate":"2022-02-23 20:46:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:tibco:businessconnect:*:*:*:*:container:*:*:*","versionEndExcluding":"1.1.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43050","Ordinal":"219579","Title":"CVE-2021-43050","CVE":"CVE-2021-43050","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43050","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}