
CVE-2024-1138 – TIBCO FTL Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-1138
12 Mar 2024 — The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207 • CWE-269: Improper Privilege Management •

CVE-2022-30574 – TIBCO eFTL Secret Jacking
https://notcve.org/view.php?id=CVE-2022-30574
09 Aug 2022 — The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO F... • https://www.tibco.com/services/support/advisories •

CVE-2022-30573 – TIBCO FTL Privilege Escalation
https://notcve.org/view.php?id=CVE-2022-30573
09 Aug 2022 — The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBC... • https://www.tibco.com/services/support/advisories •

CVE-2021-43053 – TIBCO FTL Secret Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2021-43053
11 Jan 2022 — The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - ... • https://www.tibco.com/services/support/advisories •

CVE-2021-43052 – TIBCO FTL Secret Generation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43052
11 Jan 2022 — The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard-coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versio... • https://www.tibco.com/services/support/advisories • CWE-798: Use of Hard-coded Credentials •

CVE-2021-35497 – TIBCO FTL unvalidated SAN in client certificates
https://notcve.org/view.php?id=CVE-2021-35497
05 Oct 2021 — The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL... • https://www.tibco.com/services/support/advisories • CWE-295: Improper Certificate Validation •

CVE-2021-28820 – TIBCO FTL Windows Platform Artifact Search vulnerability
https://notcve.org/view.php?id=CVE-2021-28820
23 Mar 2021 — The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the co... • http://www.tibco.com/services/support/advisories • CWE-427: Uncontrolled Search Path Element •

CVE-2021-28819 – TIBCO FTL Windows Platform Installation vulnerability
https://notcve.org/view.php?id=CVE-2021-28819
23 Mar 2021 — The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack... • http://www.tibco.com/services/support/advisories • CWE-863: Incorrect Authorization •

CVE-2019-11209 – TIBCO FTL Escalation Of Privileges for Realm Configuration
https://notcve.org/view.php?id=CVE-2019-11209
20 Aug 2019 — The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, and TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0. • http://www.tibco.com/services/support/advisories •

CVE-2018-12412 – TIBCO FTL Realm Server Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12412
06 Nov 2018 — The realm server (tibrealmserver) component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.... • http://www.securityfocus.com/bid/105861 • CWE-352: Cross-Site Request Forgery (CSRF) •