Multiple vulnerabilities in TIBCO Enterprise Message Service
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-28822 CVE-2021-28821 |
| CWE-ID | CWE-264 CWE-284 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Enterprise Message Service Client/Desktop applications / Office applications Enterprise Message Service Community Edition Client/Desktop applications / Office applications Enterprise Message Service Developer Edition Client/Desktop applications / Office applications |
| Vendor | TIBCO |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU51684
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28822
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the affected components search for run-time artifacts outside of the installation hierarchy. A local user can insert malicious software and gain full access to the Windows operating system.
This vulnerability affects the following components:
- Enterprise Message Service Server (tibemsd)
- Enterprise Message Service Central Administration (tibemsca)
- Enterprise Message Service JSON configuration generator (tibemsconf2json)
- Enterprise Message Service C API
Install updates from vendor's website.
Vulnerable software versionsEnterprise Message Service : 5.1.0 - 8.5.1
Enterprise Message Service Community Edition: 5.1.0 - 8.5.1
Enterprise Message Service Developer Edition: 5.1.0 - 8.5.1
External linkshttp://www.tibco.com/services/support/advisories
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU51685
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-28821
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions on certain files and/or folders in the Windows Installation component. A local user can insert malicious software and gain full access to the Windows operating system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsEnterprise Message Service : 5.1.0 - 8.5.1
Enterprise Message Service Community Edition: 5.1.0 - 8.5.1
Enterprise Message Service Developer Edition: 5.1.0 - 8.5.1
External linkshttp://www.tibco.com/services/support/advisories
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
