History: Oct 05, 2021 - 6:15 p.m.

CVE-2021-35497

2021-10-05 18:15:07
CWE-295
web.nvd.nist.gov
Tags: cve-2021-35497, tibco, ftl server, docker, activespaces, enterprise, developer, community edition, certificate vulnerability, man-in-the-middle attack, privilege escalation, nvd

CVSS2: 6 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 41.0%

The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges.

Affected releases are TIBCO Software Inc.'s:

- TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2
- TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2
- TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2
- TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0
- TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0
- TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0
- TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0
- TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0
- TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0

Affected configurations

NVD
Node (entries joined by OR; every listed version matches for every listed edition)
Vendor: tibco, Product: activespaces, Match: 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, 4.6.2, Editions: community, developer, enterprise
Vendor: tibco, Product: eftl, Match: 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, 6.7.0, Editions: community, developer, enterprise
Vendor: tibco, Product: ftl, Match: 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, 6.7.0, Editions: community, developer, enterprise

CNA Affected

[
  {
    "product": "TIBCO ActiveSpaces - Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.0"
      },
      {
        "status": "affected",
        "version": "4.4.0"
      },
      {
        "status": "affected",
        "version": "4.5.0"
      },
      {
        "status": "affected",
        "version": "4.6.0"
      },
      {
        "status": "affected",
        "version": "4.6.1"
      },
      {
        "status": "affected",
        "version": "4.6.2"
      }
    ]
  },
  {
    "product": "TIBCO ActiveSpaces - Developer Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.0"
      },
      {
        "status": "affected",
        "version": "4.4.0"
      },
      {
        "status": "affected",
        "version": "4.5.0"
      },
      {
        "status": "affected",
        "version": "4.6.0"
      },
      {
        "status": "affected",
        "version": "4.6.1"
      },
      {
        "status": "affected",
        "version": "4.6.2"
      }
    ]
  },
  {
    "product": "TIBCO ActiveSpaces - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "4.3.0"
      },
      {
        "status": "affected",
        "version": "4.4.0"
      },
      {
        "status": "affected",
        "version": "4.5.0"
      },
      {
        "status": "affected",
        "version": "4.6.0"
      },
      {
        "status": "affected",
        "version": "4.6.1"
      },
      {
        "status": "affected",
        "version": "4.6.2"
      }
    ]
  },
  {
    "product": "TIBCO FTL - Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.3.0"
      },
      {
        "status": "affected",
        "version": "6.3.1"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.5.0"
      },
      {
        "status": "affected",
        "version": "6.6.0"
      },
      {
        "status": "affected",
        "version": "6.6.1"
      },
      {
        "status": "affected",
        "version": "6.7.0"
      }
    ]
  },
  {
    "product": "TIBCO FTL - Developer Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.3.0"
      },
      {
        "status": "affected",
        "version": "6.3.1"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.5.0"
      },
      {
        "status": "affected",
        "version": "6.6.0"
      },
      {
        "status": "affected",
        "version": "6.6.1"
      },
      {
        "status": "affected",
        "version": "6.7.0"
      }
    ]
  },
  {
    "product": "TIBCO FTL - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.3.0"
      },
      {
        "status": "affected",
        "version": "6.3.1"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.5.0"
      },
      {
        "status": "affected",
        "version": "6.6.0"
      },
      {
        "status": "affected",
        "version": "6.6.1"
      },
      {
        "status": "affected",
        "version": "6.7.0"
      }
    ]
  },
  {
    "product": "TIBCO eFTL - Community Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.3.0"
      },
      {
        "status": "affected",
        "version": "6.3.1"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.5.0"
      },
      {
        "status": "affected",
        "version": "6.6.0"
      },
      {
        "status": "affected",
        "version": "6.6.1"
      },
      {
        "status": "affected",
        "version": "6.7.0"
      }
    ]
  },
  {
    "product": "TIBCO eFTL - Developer Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.3.0"
      },
      {
        "status": "affected",
        "version": "6.3.1"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.5.0"
      },
      {
        "status": "affected",
        "version": "6.6.0"
      },
      {
        "status": "affected",
        "version": "6.6.1"
      },
      {
        "status": "affected",
        "version": "6.7.0"
      }
    ]
  },
  {
    "product": "TIBCO eFTL - Enterprise Edition",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "6.2.0"
      },
      {
        "status": "affected",
        "version": "6.3.0"
      },
      {
        "status": "affected",
        "version": "6.3.1"
      },
      {
        "status": "affected",
        "version": "6.4.0"
      },
      {
        "status": "affected",
        "version": "6.5.0"
      },
      {
        "status": "affected",
        "version": "6.6.0"
      },
      {
        "status": "affected",
        "version": "6.6.1"
      },
      {
        "status": "affected",
        "version": "6.7.0"
      }
    ]
  }
]
