TIBCO Security Advisory: January 11, 2022 - TIBCO eFTL - 2021-43054
- TIBCO eFTL - Community Edition versions 6.7.2 and below
- TIBCO eFTL - Developer Edition versions 6.7.2 and below
- TIBCO eFTL - Enterprise Edition versions 6.7.2 and below
The following component is affected:
- eFTL Server
The component listed above contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions.
Successful execution of this vulnerability can result in an attacker gaining full access to communication on an existing channel on the affected system.
CVSS v3 Base Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO eFTL - Community Edition versions 6.7.2 and below update to version 6.7.3 or later
- TIBCO eFTL - Developer Edition versions 6.7.2 and below update to version 6.7.3 or later
- TIBCO eFTL - Enterprise Edition versions 6.7.2 and below update to version 6.7.3 or later