CVSS: 7.5EPSS: 0%CPEs: 66EXPL: 0CVE-2021-35497 – TIBCO FTL unvalidated SAN in client certificates
https://notcve.org/view.php?id=CVE-2021-35497
The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28820 – TIBCO FTL Windows Platform Artifact Search vulnerability
https://notcve.org/view.php?id=CVE-2021-28820
The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.' • http://www.tibco.com/services/support/advisories • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28819 – TIBCO FTL Windows Platform Installation vulnerability
https://notcve.org/view.php?id=CVE-2021-28819
The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.' • http://www.tibco.com/services/support/advisories • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-11209 – TIBCO FTL Escalation Of Privileges for Realm Configuration
https://notcve.org/view.php?id=CVE-2019-11209
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0. El componente de configuración de realm de TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que teóricamente no aplica correctamente los controles de acceso. Este problema afecta a TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0 y TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0 • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12412 – TIBCO FTL Realm Server Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12412
The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0. El componente del servidor del realm (tibrealmserver) de TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition y TIBCO FTL - Enterprise Edition, de TIBCO Software Inc., contiene una vulnerabilidad que podría permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105861 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl • CWE-352: Cross-Site Request Forgery (CSRF) •