Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2022-30573 CVE-2022-30574 |
CWE-ID | CWE-264 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition, TIBCO eFTL Community Edition, TIBCO eFTL Developer Edition, TIBCO eFTL Enterprise Edition (all: Other software / Other software solutions) |
Vendor | TIBCO |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU66364
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30573
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote user on the local network to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the ftlserver component, which leads to a security restrictions bypass and privilege escalation.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
TIBCO FTL Community Edition: 6.0.0 - 6.8.0
TIBCO FTL Developer Edition: 6.0.1 - 6.8.0
TIBCO FTL Enterprise Edition: 6.0.0 - 6.8.0
CPE2.3
http://www.tibco.com/services/support/advisories
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU66365
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-30574
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description:
The vulnerability allows a remote user on the local network to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the ftlserver component, which leads to a security restrictions bypass and privilege escalation.
Mitigation:
Install updates from the vendor's website.
Vulnerable software versions:
TIBCO FTL Community Edition: 6.0.0 - 6.8.0
TIBCO FTL Developer Edition: 6.0.1 - 6.8.0
TIBCO FTL Enterprise Edition: 6.0.0 - 6.8.0
TIBCO eFTL Community Edition: 6.0.0 - 6.8.0
TIBCO eFTL Developer Edition: 6.0.1 - 6.8.0
TIBCO eFTL Enterprise Edition: 6.0.0 - 6.8.0
CPE2.3
http://www.tibco.com/services/support/advisories
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.