CVE-2021-28821

Summary

CVE	CVE-2021-28821
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-03-23 21:15:00 UTC
Updated	2023-11-07 03:32:00 UTC
Description	The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.

Risk And Classification

Problem Types: CWE-863

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Microsoft	Windows	-	All	All	All
Application	Tibco	Enterprise Message Service	All	All	-	All
Application	Tibco	Enterprise Message Service	All	All	community	All
Application	Tibco	Enterprise Message Service	All	All	developer	All

References

Reference	Source	Link	Tags
Advisory \| TIBCO Software	CONFIRM	www.tibco.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: TIBCO would like to extend its appreciation to Will Dormann of CERT/CC for discovery of this vulnerability.

There are currently no legacy QID mappings associated with this CVE.