CVEs-PoC/2021/CVE-2021-23274.md

### [CVE-2021-23274](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23274)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20API%20Exchange%20Gateway%20Distribution%20for%20TIBCO%20Silver%20Fabric&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20API%20Exchange%20Gateway&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=The%20impact%20of%20this%20vulnerability%20includes%20the%20theoretical%20possibility%20that%20an%20attacker%20gains%20full%20administrative%20access%20to%20the%20affected%20system.&color=brightgreen)

### Description

The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below.

### POC

#### Reference
- http://www.tibco.com/services/support/advisories

#### Github
No PoCs found on GitHub currently.