Improper access control in TIBCO products - CVE-2021-28821
Published: March 24, 2021
Vulnerability identifier: #VU51685
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-28821
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: TIBCO
Affected software:
Enterprise Message Service
Enterprise Message Service Community Edition
Enterprise Message Service Developer Edition
Enterprise Message Service
Enterprise Message Service Community Edition
Enterprise Message Service Developer Edition
Detailed vulnerability description
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions on certain files and/or folders in the Windows Installation component. A local user can insert malicious software and gain full access to the Windows operating system.
How to mitigate CVE-2021-28821
Install updates from vendor's website.