CVE-2021-43054

Summary

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO eFTL - Community Editionunspecified <= 6.7.2affected
TIBCO Software Inc.TIBCO eFTL - Developer Editionunspecified <= 6.7.2affected
TIBCO Software Inc.TIBCO eFTL - Enterprise Editionunspecified <= 6.7.2affected

Weaknesses

  • Successful execution of this vulnerability can result in an attacker gaining full access to communication on an existing channel on the affected system.

ADP Enrichment

CVE Program Container

Additional References

References