How severe is CVE-2021-23274?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2021-23274?

This is classified as CWE-1021, which is a common weakness in software security.

CVE-2021-23274 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.

Related Vulnerabilities

CVE-2016-2496

CRITICAL

CVSS:9.8(Critical)

The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially ove...

CWE-10212016

CVE-2021-43048

CRITICAL

CVSS:9.8(Critical)

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to exe...

CWE-10212021

CVE-2022-2734

CRITICAL

CVSS:10.0(Critical)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

CWE-10212022

CVE-2022-3167

CRITICAL

CVSS:10.0(Critical)

Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.

CWE-10212022

CVE-2021-21111

CRITICAL

CVSS:9.6(Critical)

Insufficient policy enforcement in WebUI in Google Chrome prior to 87.0.4280.141 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a...

CWE-10212021

CVE-2021-21132

CRITICAL

CVSS:9.6(Critical)

Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.

CWE-10212021