CVE-2021-28825

Name of the Vulnerable Software and Affected Versions: TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition versions 1.3.0 and below TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition versions 1.3.0 and below

Description: The Windows Installation component of TIBCO Software Inc.'s TIBCO Messaging - Eclipse Mosquitto Distribution contains a vulnerability that allows a low-privileged attacker with local access on some versions of the Windows operating system to insert malicious software. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation, allowing the affected component to execute the malicious software with elevated privileges.

Recommendations: For TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Community Edition versions 1.3.0 and below, update to a version above 1.3.0 to resolve the issue. For TIBCO Messaging - Eclipse Mosquitto Distribution - Core - Enterprise Edition versions 1.3.0 and below, update to a version above 1.3.0 to resolve the issue.