Security Advisory regarding TIBCO eFTL

Security Advisory regarding TIBCO eFTL

book

Article ID: KB0107993

calendar_today

Updated On:

Products Versions
TIBCO eFTL 6.7.2 and below

Description

TIBCO eFTL Token Caching Vulnerability

  Original release date: January 11, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an easily exploitable vulnerability that
  allows clients to inherit the permissions of the client that initially
  connected on the affected system.

Impact

  Successful execution of this vulnerability can result in an attacker gaining
  full access to communication on an existing channel on the affected system.

  CVSS v3 Base Score: 5.9 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N)

Environment

Products Affected TIBCO eFTL - Community Edition versions 6.7.2 and below TIBCO eFTL - Developer Edition versions 6.7.2 and below TIBCO eFTL - Enterprise Edition versions 6.7.2 and below The following component is affected: * eFTL Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO eFTL - Community Edition versions 6.7.2 and below update to version
    6.7.3 or later

  TIBCO eFTL - Developer Edition versions 6.7.2 and below update to version
    6.7.3 or later

  TIBCO eFTL - Enterprise Edition versions 6.7.2 and below update to version
    6.7.3 or later
 

Issue/Introduction

Security Advisory regarding TIBCO eFTL Token Caching Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-43055