Improper access control in TIBCO FTL



Published: 2019-08-21
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2019-11209
CWE-ID: CWE-269
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
TIBCO FTL Enterprise Edition
Other software / Other software solutions

TIBCO FTL Developer Edition
Other software / Other software solutions

TIBCO FTL Community Edition
Other software / Other software solutions

Vendor: TIBCO

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Privilege Management

EUVDB-ID: #VU20342

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11209

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the target system.

The vulnerability exists because the realm configuration component fails to properly enforce access controls. A remote authenticated attacker can gain access to the contents of all messages in the FTL realm, manipulate the contents of those messages, and deny other parties the ability to send messages.


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

TIBCO FTL Enterprise Edition: 6.0.0 - 6.1.0

TIBCO FTL Developer Edition: 6.0.1 - 6.1.0

TIBCO FTL Community Edition: 6.0.0 - 6.1.0

External links

http://www.tibco.com/services/support/advisories
http://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
