PT-2021-28366 — Tibco Tibco Activespaces+1

PT-2021-28366 · Tibco · Tibco Activespaces+1

Published

2021-10-05

Updated

2021-10-05

CVSS v3.1

7.5

High

Vector

AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: TIBCO ActiveSpaces - Community Edition versions 4.3.0 through 4.6.2 TIBCO ActiveSpaces - Developer Edition versions 4.3.0 through 4.6.2 TIBCO ActiveSpaces - Enterprise Edition versions 4.3.0 through 4.6.2 TIBCO FTL - Community Edition versions 6.2.0 through 6.7.0 TIBCO FTL - Developer Edition versions 6.2.0 through 6.7.0 TIBCO FTL - Enterprise Edition versions 6.2.0 through 6.7.0 TIBCO eFTL - Community Edition versions 6.2.0 through 6.7.0 TIBCO eFTL - Developer Edition versions 6.2.0 through 6.7.0 TIBCO eFTL - Enterprise Edition versions 6.2.0 through 6.7.0

Description: The issue allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates, which can be used for man-in-the-middle attacks or to escalate privileges to gain administrative privileges.

Recommendations: For TIBCO ActiveSpaces - Community Edition versions 4.3.0 through 4.6.2, update to a version that contains a fix for this issue. For TIBCO ActiveSpaces - Developer Edition versions 4.3.0 through 4.6.2, update to a version that contains a fix for this issue. For TIBCO ActiveSpaces - Enterprise Edition versions 4.3.0 through 4.6.2, update to a version that contains a fix for this issue. For TIBCO FTL - Community Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO FTL - Developer Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO FTL - Enterprise Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO eFTL - Community Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO eFTL - Developer Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. For TIBCO eFTL - Enterprise Edition versions 6.2.0 through 6.7.0, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

PYSEC-2021-881

Affected Products

Tibco Activespaces

Tibco Ftl