CVE-2021-43052

Summary

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO FTL - Community Editionunspecified <= 6.7.2affected
TIBCO Software Inc.TIBCO FTL - Developer Editionunspecified <= 6.7.2affected
TIBCO Software Inc.TIBCO FTL - Enterprise Editionunspecified <= 6.7.2affected

Weaknesses

  • Successful execution of this vulnerability can result in an attacker gaining full access to communication on an existing eFTL channel on the affected system.

ADP Enrichment

CVE Program Container

Additional References

References