Main Vulnerability Database SB2019082101

SB2019082101 - Improper access control in TIBCO FTL

Published: August 21, 2019

Security Bulletin ID SB2019082101

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Privilege Management (CVE-ID: CVE-2019-11209)

The vulnerability allows a remote attacker to escalate privilege on the target system.

The vulnerability exists due to the realm configuration component fails to properly enforce access controls. A remote authenticated attacker can gain access to the contents of all messages in the FTL realm, manipulate the contents of the messages, and deny access to sending messages.

Remediation

Install update from vendor's website.

References

http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl