Security Advisory regarding TIBCO eFTL


Article ID: KB0107994


Products: TIBCO eFTL
Versions: 6.7.2 and below

Description

TIBCO eFTL Token Generation Vulnerability

  Original release date: January 11, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an easily exploitable vulnerability that
  allows a low privileged attacker with network access to generate API tokens
  that can access any other channel with arbitrary permissions.

Impact

  Successful execution of this vulnerability can result in an attacker gaining
  full access to communication on an existing channel on the affected system.

  CVSS v3 Base Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
sa-eftl2020111-3

Issue/Introduction

Security Advisory regarding TIBCO eFTL Token Generation Vulnerability

Environment

Products Affected

  TIBCO eFTL - Community Edition versions 6.7.2 and below
  TIBCO eFTL - Developer Edition versions 6.7.2 and below
  TIBCO eFTL - Enterprise Edition versions 6.7.2 and below

  The following component is affected:

  * eFTL Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO eFTL - Community Edition versions 6.7.2 and below: update to version
    6.7.3 or later

  TIBCO eFTL - Developer Edition versions 6.7.2 and below: update to version
    6.7.3 or later

  TIBCO eFTL - Enterprise Edition versions 6.7.2 and below: update to version
    6.7.3 or later
 

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-43054