TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.

N/A

N/A

TIBCO Software ActiveMatrix BusinessWorks 授权问题漏洞

TIBCO Software ActiveMatrix BusinessWorks是美国TIBCO Software公司的一套基于业界标准的解决方案。该产品能够与其他ActiveMatrix产品共融，支持用户进行服务创建、编制和整合等。 TIBCO ActiveMatrix BusinessWorks 6.4.2及之前版本中的HTTP Connector组件存在授权问题漏洞。该漏洞源于网络系统或产品中缺少身份验证措施或身份验证强度不足。

N/A

N/A