TIBCO FTL Privilege Escalation
Original release date: March 12, 2024
Last revised: ---
Source: TIBCO Software Inc.
Products Affected
TIBCO FTL - Enterprise Edition versions 6.10.1 and below
The following component is affected:
* FTL Server
Description
The component listed above contains a vulnerability that allows a
low-privileged attacker with network access to escalate privileges on
the affected ftlserver.
Impact
Successful exploitation of this vulnerability may result in an authenticated
but unprivileged user arbitrarily reconfiguring FTL clients attached to the
same ftlserver.
CVSS v3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Solution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version
6.10.2 or later
References
https://community.tibco.com/advisories
CVE-2024-1138