Original release date: January 11, 2022 Last revised: --- Source: TIBCO Software Inc.
Description
The component listed above contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system.
Impact
Successful execution of this vulnerability can result in an attacker gaining full access to communication on an existing channel on the affected system.
CVSS v3 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)
Environment
Products Affected
TIBCO eFTL - Community Edition versions 6.7.2 and below
TIBCO eFTL - Developer Edition versions 6.7.2 and below
TIBCO eFTL - Enterprise Edition versions 6.7.2 and below
The following component is affected:
* eFTL Server
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
TIBCO eFTL - Community Edition versions 6.7.2 and below update to version 6.7.3 or later
TIBCO eFTL - Developer Edition versions 6.7.2 and below update to version 6.7.3 or later
TIBCO eFTL - Enterprise Edition versions 6.7.2 and below update to version 6.7.3 or later