CVE-2021-43052
9.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Summary
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO FTL - Community Edition | unspecified <= 6.7.2 | affected |
| TIBCO Software Inc. | TIBCO FTL - Developer Edition | unspecified <= 6.7.2 | affected |
| TIBCO Software Inc. | TIBCO FTL - Enterprise Edition | unspecified <= 6.7.2 | affected |
Weaknesses
- Successful execution of this vulnerability can result in an attacker gaining full access to communication on an existing eFTL channel on the affected system.
ADP Enrichment
CVE Program Container
Additional References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43052
References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43052
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.