Vulnerabilities > CVE-2021-43054 - Unspecified vulnerability in Tibco Eftl

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

tibco

NVD

Published: 2022-01-11

Updated: 2022-01-19

Summary

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Eftl - Tibco Eftl 6.2.0 Tibco Eftl 6.3.0 Tibco Eftl 6.3.1 Tibco Eftl 6.4.0 Tibco Eftl 6.5.0 Tibco Eftl 6.6.0 Tibco Eftl 6.6.1 Tibco Eftl 6.7.0	27

Summary

Vulnerable Configurations

References