CVE-2021-28828

Summary

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Administrator - Enterprise Editionunspecified <= 5.10.2affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition5.11.0affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition5.11.1affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabricunspecified <= 5.10.2affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric5.11.0affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric5.11.1affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition for z/Linuxunspecified <= 5.10.2affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition for z/Linux5.11.0affected
TIBCO Software Inc.TIBCO Administrator - Enterprise Edition for z/Linux5.11.1affected

Weaknesses

  • Successful execution of this vulnerability may result in unauthorized read, update, insert or delete access to TIBCO Administrator data on the affected system.

ADP Enrichment

CVE Program Container

Additional References

References