VINOTH KUMAR R

TIBCO ActiveSpaces Information Leak Vulnerability Original release date: March 12, 2024 Last revised: --- Source: TIBCO Software Inc. Products Affected TIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0 The following components are affected: * Proxy * Client Description The components listed above contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Impact This impact of this vulnerability includes the theoretical possibility of bypassing table access controls. The attacker cannot actively make queries, but may observe the results of queries by other clients, even though the attacker does not have permission to access that data. CVSS v3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) Solution TIBCO has released updated versions of the affected systems which address this issue: TIBCO ActiveSpaces - Enterprise Edition versions 4.4.0 through 4.9.0: update to version 4.9.1 or later References https://community.tibco.com/advisories CVE-2024-1137

TIBCO FTL Privilege Escalation Original release date: March 12, 2024 Last revised: --- Source: TIBCO Software Inc. Products Affected TIBCO FTL - Enterprise Edition versions 6.10.1 and below The following component is affected: * FTL Server Description The component listed above contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Impact Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver. CVSS v3.1 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Solution TIBCO has released updated versions of the affected systems which address this issue: TIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later References https://community.tibco.com/advisories CVE-2024-1138