TIBCO Enterprise Administrator Vulnerability

   Original release date: Feb 26, 2014
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO Enterprise Administrator 1.0.0
   TIBCO Enterprise Administrator SDK 1.0.0

   The following components are affected:

     * TIBCO Enterprise Administrator Server


Description

   The TIBCO Enterprise Administrator components listed above are affected by
   the following critical vulnerabilities:

   CVE-2014-2075 - The TIBCO Administrator components listed above may fail to
   properly enforce administrator privileges in some circumstance.  This may
   allow unprivileged users to execute arbitrary commands with administrator
   privileges.

   TIBCO has released updated versions of the affected components which address
   this issue.  TIBCO strongly recommends sites running the affected components
   to install the applicable update as described below.


Impact

   A successful attack will allow execution of arbitrary code on any system
   that is managed by the TIBCO Enterprise Administrator Server.


Solution
   For each affected system, update to the corresponding software versions
   (or higher):

   TIBCO Enterprise Administrator 1.1.0
   TIBCO Enterprise Administrator SDK 1.1.0


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2014-2075