CVE-2021-28820

Published: Mar 23, 2021

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

8.8

HIGH

Description

The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.5.0 and below, TIBCO FTL - Developer Edition: versions 6.5.0 and below, and TIBCO FTL - Enterprise Edition: versions 6.5.0 and below.

Vendor	Product	Versions
TIBCO Software Inc.	TIBCO FTL - Community Edition	affected `unspecified - <= 6.5.0`
TIBCO Software Inc.	TIBCO FTL - Developer Edition	affected `unspecified - <= 6.5.0`
TIBCO Software Inc.	TIBCO FTL - Enterprise Edition	affected `unspecified - <= 6.5.0`

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

http://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-28820

Description

Affected Products

CVSS v3.1 Details

References