Improper Privilege Management in TIBCO products - CVE-2019-11209
Published: August 21, 2019 / Updated: August 21, 2019
Vulnerability identifier: #VU20342
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-11209
CWE-ID: CWE-269
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TIBCO
Affected software:
TIBCO FTL Enterprise Edition
TIBCO FTL Developer Edition
TIBCO FTL Community Edition
Detailed vulnerability description
The vulnerability allows a remote attacker to escalate privileges on the target system.
The vulnerability exists because the realm configuration component fails to properly enforce access controls. A remote authenticated attacker can gain access to the contents of all messages in the FTL realm, manipulate the contents of the messages, and deny access to sending messages.
How to mitigate CVE-2019-11209
Install updates from the vendor's website.