TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: November 6, 2018 - TIBCO FTL
TIBCO FTL Realm Server Vulnerable to CSRF Attacks
Original release date: November 6, 2018
Source: TIBCO Software Inc.
The following products are affected:
- TIBCO FTL - Community Edition versions 5.4.0 and below
- TIBCO FTL - Developer Edition versions 5.4.0 and below
- TIBCO FTL - Enterprise Edition versions 5.4.0 and below
The following components are affected:
- realm server (tibrealmserver)
The component listed above contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.
The impact of this vulnerability includes the theoretical possibility that an attacker could gain full access to realm configuration. With such access, the attacker might also be able to gain access to all data sent to endpoints controlled by the realm server.
CVSS v3 Base Score: 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
TIBCO has released updated versions of the affected components which address this issue.
For each affected system, update to the corresponding software versions:
- TIBCO FTL - Community Edition versions 5.4.0 and below: update to version 5.4.1 or higher
- TIBCO FTL - Developer Edition versions 5.4.0 and below: update to version 5.4.1 or higher
- TIBCO FTL - Enterprise Edition versions 5.4.0 and below: update to version 5.4.1 or higher