CVE-2021-35497

EPSS 0.17%
Published 05.10.2021 18:15:07
Last modified 21.11.2024 06:12:23
Source security@tibco.com
Teams watchlist Login
Open Login

The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Tibco ≫ Activespaces Version4.3.0 SwEditioncommunity

Tibco ≫ Activespaces Version4.3.0 SwEditiondeveloper

Tibco ≫ Activespaces Version4.3.0 SwEditionenterprise

Tibco ≫ Activespaces Version4.4.0 SwEditioncommunity

Tibco ≫ Activespaces Version4.4.0 SwEditiondeveloper

Tibco ≫ Activespaces Version4.4.0 SwEditionenterprise

Tibco ≫ Activespaces Version4.5.0 SwEditioncommunity

Tibco ≫ Activespaces Version4.5.0 SwEditiondeveloper

Tibco ≫ Activespaces Version4.5.0 SwEditionenterprise

Tibco ≫ Activespaces Version4.6.0 SwEditioncommunity

Tibco ≫ Activespaces Version4.6.0 SwEditiondeveloper

Tibco ≫ Activespaces Version4.6.0 SwEditionenterprise

Tibco ≫ Activespaces Version4.6.1 SwEditioncommunity

Tibco ≫ Activespaces Version4.6.1 SwEditiondeveloper

Tibco ≫ Activespaces Version4.6.1 SwEditionenterprise

Tibco ≫ Activespaces Version4.6.2 SwEditioncommunity

Tibco ≫ Activespaces Version4.6.2 SwEditiondeveloper

Tibco ≫ Activespaces Version4.6.2 SwEditionenterprise

Tibco ≫ Eftl Version6.2.0 SwEditioncommunity

Tibco ≫ Eftl Version6.2.0 SwEditiondeveloper

Tibco ≫ Eftl Version6.2.0 SwEditionenterprise

Tibco ≫ Eftl Version6.3.0 SwEditioncommunity

Tibco ≫ Eftl Version6.3.0 SwEditiondeveloper

Tibco ≫ Eftl Version6.3.0 SwEditionenterprise

Tibco ≫ Eftl Version6.3.1 SwEditioncommunity

Tibco ≫ Eftl Version6.3.1 SwEditiondeveloper

Tibco ≫ Eftl Version6.3.1 SwEditionenterprise

Tibco ≫ Eftl Version6.4.0 SwEditioncommunity

Tibco ≫ Eftl Version6.4.0 SwEditiondeveloper

Tibco ≫ Eftl Version6.4.0 SwEditionenterprise

Tibco ≫ Eftl Version6.5.0 SwEditioncommunity

Tibco ≫ Eftl Version6.5.0 SwEditiondeveloper

Tibco ≫ Eftl Version6.5.0 SwEditionenterprise

Tibco ≫ Eftl Version6.6.0 SwEditioncommunity

Tibco ≫ Eftl Version6.6.0 SwEditiondeveloper

Tibco ≫ Eftl Version6.6.0 SwEditionenterprise

Tibco ≫ Eftl Version6.6.1 SwEditioncommunity

Tibco ≫ Eftl Version6.6.1 SwEditiondeveloper

Tibco ≫ Eftl Version6.6.1 SwEditionenterprise

Tibco ≫ Eftl Version6.7.0 SwEditioncommunity

Tibco ≫ Eftl Version6.7.0 SwEditiondeveloper

Tibco ≫ Eftl Version6.7.0 SwEditionenterprise

Tibco ≫ Ftl Version6.2.0 SwEditioncommunity

Tibco ≫ Ftl Version6.2.0 SwEditiondeveloper

Tibco ≫ Ftl Version6.2.0 SwEditionenterprise

Tibco ≫ Ftl Version6.3.0 SwEditioncommunity

Tibco ≫ Ftl Version6.3.0 SwEditiondeveloper

Tibco ≫ Ftl Version6.3.0 SwEditionenterprise

Tibco ≫ Ftl Version6.3.1 SwEditioncommunity

Tibco ≫ Ftl Version6.3.1 SwEditiondeveloper

Tibco ≫ Ftl Version6.3.1 SwEditionenterprise

Tibco ≫ Ftl Version6.4.0 SwEditioncommunity

Tibco ≫ Ftl Version6.4.0 SwEditiondeveloper

Tibco ≫ Ftl Version6.4.0 SwEditionenterprise

Tibco ≫ Ftl Version6.5.0 SwEditioncommunity

Tibco ≫ Ftl Version6.5.0 SwEditiondeveloper

Tibco ≫ Ftl Version6.5.0 SwEditionenterprise

Tibco ≫ Ftl Version6.6.0 SwEditioncommunity

Tibco ≫ Ftl Version6.6.0 SwEditiondeveloper

Tibco ≫ Ftl Version6.6.0 SwEditionenterprise

Tibco ≫ Ftl Version6.6.1 SwEditioncommunity

Tibco ≫ Ftl Version6.6.1 SwEditiondeveloper

Tibco ≫ Ftl Version6.6.1 SwEditionenterprise

Tibco ≫ Ftl Version6.7.0 SwEditioncommunity

Tibco ≫ Ftl Version6.7.0 SwEditiondeveloper

Tibco ≫ Ftl Version6.7.0 SwEditionenterprise

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.393

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
security@tibco.com	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.tibco.com/services/support/advisories

Vendor Advisory

https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-35497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-35497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-35497

EUVD