Security Advisor regarding TIBCO FTL

Security Advisor regarding TIBCO FTL

book

Article ID: KB0107995

calendar_today

Updated On:

Products Versions
TIBCO FTL 6.7.2 and below

Description

TIBCO FTL Secret Generation Vulnerability

  Original release date: January 11, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an easily exploitable vulnerability that
  allows authentication bypass due to a hard coded secret used in the default
  realm server of the affected system.


Impact

  Successful execution of this vulnerability can result in an attacker gaining
  full access to communication on an existing eFTL channel on the affected
  system.

  CVSS v3 Base Score: 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N)

Issue/Introduction

Security Advisor regarding TIBCO FTL Secret Generation Vulnerability

Environment

Products Affected TIBCO FTL - Community Edition versions 6.7.2 and below TIBCO FTL - Developer Edition versions 6.7.2 and below TIBCO FTL - Enterprise Edition versions 6.7.2 and below The following component is affected: * Realm Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO FTL - Community Edition versions 6.7.2 and below update to version
    6.7.3 or later

  TIBCO FTL - Developer Edition versions 6.7.2 and below update to version
    6.7.3 or later

  TIBCO FTL - Enterprise Edition versions 6.7.2 and below update to version
    6.7.3 or later
 

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-43052
 
Powered by Wolken Software