Security Advisory regarding TIBCO Rendezvous

Security Advisory regarding TIBCO Rendezvous

book

Article ID: KB0108023

calendar_today

Updated On:

Products Versions
TIBCO Rendezvous 8.5.1 and below

Description

TIBCO Rendezvous Windows Platform Installation vulnerability

  Original release date: March 23, 2021
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that theoretically allows
  a low privileged attacker with local access on some versions of the Windows
  operating system to insert malicious software. The affected component can be
  abused to execute the malicious software inserted by the attacker with the
  elevated privileges of the component. This vulnerability results from a lack
  of access restrictions on certain files and/or folders in the installation.

Impact

  The impact of this vulnerability includes the possibility of an attacker
  gaining full access to the Windows operating system at the privilege level of
  the affected component.

  CVSS v3 Base Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Environment

Products Affected TIBCO Rendezvous versions 8.5.1 and below TIBCO Rendezvous Developer Edition versions 8.5.1 and below The following component is affected: * Windows Installation

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Rendezvous versions 8.5.1 and below update to version 8.5.2 or higher

  TIBCO Rendezvous Developer Edition versions 8.5.1 and below update to
    version 8.5.2 or higher

 

Issue/Introduction

Security Advisory regarding TIBCO Rendezvous Windows Platform Installation vulnerability

Additional Information

Acknowledgments

  TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for
  discovery of this vulnerability.

References

  http://www.tibco.com/services/support/advisories
  CVE-2021-28817
 
Powered by Wolken Software