CVE-2021-35497

Name of the Vulnerable Software and Affected Versions: TIBCO ActiveSpaces - Community Edition versions 4.3.0 through 4.6.2 TIBCO ActiveSpaces - Developer Edition versions 4.3.0 through 4.6.2 TIBCO ActiveSpaces - Enterprise Edition versions 4.3.0 through 4.6.2 TIBCO FTL - Community Edition versions 6.2.0 through 6.7.0 TIBCO FTL - Developer Edition versions 6.2.0 through 6.7.0 TIBCO FTL - Enterprise Edition versions 6.2.0 through 6.7.0 TIBCO eFTL - Community Edition versions 6.2.0 through 6.7.0 TIBCO eFTL - Developer Edition versions 6.2.0 through 6.7.0 TIBCO eFTL - Enterprise Edition versions 6.2.0 through 6.7.0

Description: The FTL Server and Docker images containing tibftlserver components of TIBCO Software Inc.'s products contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges.

Recommendations: For TIBCO ActiveSpaces - Community Edition versions 4.3.0 through 4.6.2, update to a version that contains a fix for this issue. For TIBCO ActiveSpaces - Developer Edition versions 4.3.0 through 4.6.2, update to a version that contains a fix for this issue. For TIBCO ActiveSpaces - Enterprise Edition versions 4.3.0 through 4.6.2, update to a version that contains a fix for this issue. For TIBCO FTL - Community Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO FTL - Developer Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO FTL - Enterprise Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO eFTL - Community Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO eFTL - Developer Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO eFTL - Enterprise Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.