Main Vulnerability Database SB2021100605

SB2021100605 - Improper Certificate Validation in TIBCO ActiveSpaces, FTL and eFTL

Published: October 6, 2021

Security Bulletin ID SB2021100605

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Certificate Validation (CVE-ID: CVE-2021-35497)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper certificate validation in the FTL Server (tibftlserver) and Docker images containing tibftlserver components. A remote authenticated attacker can perform a man-in-the-middle (MitM) attack and gain full administrative access to the affected system.

Remediation

Install update from vendor's website.

References

https://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497

SB2021100605 - Improper Certificate Validation in TIBCO ActiveSpaces, FTL and eFTL

Breakdown by Severity

Description

Remediation

References

Please verify you're human