TIBCO FTL Secret Exposure Vulnerability
CVE-2021-43053

8.5HIGH

Key Information:

Vendor: Tibco
Status: Tibco Ftl - Community Edition; Tibco Ftl - Developer Edition; Tibco Ftl - Enterprise Edition
Vendor: CVE Published:; 11 January 2022

Summary

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.

Affected Version(s)

TIBCO FTL - Community Edition <= 6.7.2

TIBCO FTL - Developer Edition <= 6.7.2

TIBCO FTL - Enterprise Edition <= 6.7.2

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/01/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 11, 2022
Vulnerability Reserved
Oct 27, 2021