Vulnerability Details CVE-2021-43053
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.8%
CVSS Severity
CVSS v3 Score 8.5
CVSS v2 Score 5.0
References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43053
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43053
Products affected by CVE-2021-43053
-
cpe:2.3:a:tibco:ftl:-
-
cpe:2.3:a:tibco:ftl:6.0.0
-
cpe:2.3:a:tibco:ftl:6.0.1
-
cpe:2.3:a:tibco:ftl:6.1.0
-
cpe:2.3:a:tibco:ftl:6.2.0
-
cpe:2.3:a:tibco:ftl:6.3.0
-
cpe:2.3:a:tibco:ftl:6.3.1
-
cpe:2.3:a:tibco:ftl:6.4.0
-
cpe:2.3:a:tibco:ftl:6.5.0
-
cpe:2.3:a:tibco:ftl:6.6.0
-
cpe:2.3:a:tibco:ftl:6.6.1
-
cpe:2.3:a:tibco:ftl:6.7.0