CVE-2011-2021Improper Update of Reference Count in Iprocess Engine

CWE-911Improper Update of Reference CountCWE-416Use After FreeCWE-369Divide By ZeroCWE-125Out-of-bounds ReadCWE-20Improper Input ValidationCWE-414Missing Lock Check20 documents10 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 28.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Tibco Iprocess EngineTibco Iprocess Workspace
Timeline
PublishedMay 20
Latest updateJun 19

Description

Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDtibco/iprocess_engine11.1.2+15

🔴Vulnerability Details

2
GHSA
GHSA-7v4f-45vh-vpff: Session fixation vulnerability in TIBCO iProcess Engine before 112022-05-17
CVEList
CVE-2011-2021: Session fixation vulnerability in TIBCO iProcess Engine before 112011-05-20

💥Exploits & PoCs

3
Exploit-DB
vsftpd 2.3.4 - Backdoor Command Execution2021-04-12
Nuclei
Clansphere CMS 2011.4 - Cross-Site Scripting
Nuclei
Clansphere CMS 2011.4 - Cross-Site Scripting

📋Vendor Advisories

7
Red Hat
kernel: sch_cake: do not call cake_destroy() from cake_init()2024-06-19
Red Hat
kernel: bpf: Add oversize check before call kvcalloc()2024-05-21
Red Hat
kernel: netfilter: nftables: avoid overflows in nft_hash_buckets()2024-02-28
Red Hat
kernel: netfilter: divide error in nft_limit_init2024-02-27
Red Hat
mysql: C API unspecified vulnerability (CPU Jan 2021)2021-01-19

💬Community

1
Bugzilla
CVE-2021-46915 kernel: netfilter: divide error in nft_limit_init2024-02-27
CVE-2011-2021 — Improper Update of Reference Count | cvebase