Description
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://www.tibco.com/services/support/advisories
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-eftl-2021-43055
Scores
CVSS v3
5.9
EPSS
0.0016
EPSS Percentile
36.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
Details
Status
published
Products (1)
tibco/eftl
< 6.7.2 (3 CPE variants)
Published
Jan 11, 2022
Tracked Since
Feb 18, 2026