Security Advisory regarding TIBCO FTL


Article ID: KB0107992


Products: TIBCO FTL
Versions: 6.7.2 and below

Description

TIBCO FTL Secret Exposure Vulnerability

  Original release date: January 11, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a difficult-to-exploit vulnerability that
  allows an unauthenticated attacker with network access to obtain the cluster
  secret of another application connected to the realm server.


Impact

  Successful execution of this vulnerability can result in an attacker gaining
  full access to communication on an existing eFTL channel on the affected
  system.

  CVSS v3 Base Score: 8.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N)

Environment

Products Affected

  TIBCO FTL - Community Edition versions 6.7.2 and below
  TIBCO FTL - Developer Edition versions 6.7.2 and below
  TIBCO FTL - Enterprise Edition versions 6.7.2 and below

  The following component is affected:

  * Realm Server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO FTL - Community Edition versions 6.7.2 and below update to version
    6.7.3 or later

  TIBCO FTL - Developer Edition versions 6.7.2 and below update to version
    6.7.3 or later

  TIBCO FTL - Enterprise Edition versions 6.7.2 and below update to version
    6.7.3 or later
 

Issue/Introduction

Security Advisory regarding TIBCO FTL Secret Exposure Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2021-43053