TibcoCVELIST:CVE-2021-43055CVE-2021-43055 TIBCO eFTL Token Caching Vulnerability
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.9%
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.
CNA Affected
[
{
"product": "TIBCO eFTL - Community Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO eFTL - Developer Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO eFTL - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.7.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
8.9 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
42.9%