CVE-2021-43055
Published on: Not Yet Published
Last Modified on: 07/12/2022 05:42:00 PM UTC
Certain versions of Eftl from Tibco contain the following vulnerability:
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.
- CVE-2021-43055 has been assigned by
sec[email protected] to track the vulnerability - currently rated as HIGH severity.
- Affected Vendor/Software:
TIBCO Software Inc. - TIBCO eFTL - Community Edition version <= 6.7.2
- Affected Vendor/Software:
TIBCO Software Inc. - TIBCO eFTL - Developer Edition version <= 6.7.2
- Affected Vendor/Software:
TIBCO Software Inc. - TIBCO eFTL - Enterprise Edition version <= 6.7.2
CVSS3 Score: 8.8 - HIGH
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | LOW | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVSS2 Score: 6.5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | SINGLE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | PARTIAL | PARTIAL |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
TIBCO Security Advisory: January 11, 2022 - TIBCO eFTL - 2021-43055 | TIBCO Software | www.tibco.com text/html |
![]() |
Advisory | TIBCO Software | web.archive.org text/html Inactive LinkNot Archived |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Tibco | Eftl | All | All | All | All |
Application | Tibco | Eftl | All | All | All | All |
Application | Tibco | Eftl | All | All | All | All |
- cpe:2.3:a:tibco:eftl:*:*:*:*:community:*:*:*:
- cpe:2.3:a:tibco:eftl:*:*:*:*:developer:*:*:*:
- cpe:2.3:a:tibco:eftl:*:*:*:*:enterprise:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2021-43055 : The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - De… twitter.com/i/web/status/1… | 2022-01-11 18:31:18 |
![]() |
CVE-2021-43055 | 2022-01-11 19:38:39 |