← back
CVE-2022-22770

TIBCO AuditSafe API Authentication vulnerability

CVSS 9.8 CRITICALEPSS 1.1%
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Feb 2022Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
TIBCO Software Inc. · TIBCO AuditSafe

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.tibco.com/services/support/advisories