FKIE_CVE-2019-11209

Vulnerability from fkie_nvd - Published: 2019-08-20 18:15 - Updated: 2024-11-21 04:20
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.
References
security@tibco.comhttp://www.tibco.com/services/support/advisoriesVendor Advisory
security@tibco.comhttps://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/services/support/advisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftlVendor Advisory
Impacted products
Vendor Product Version
tibco ftl 6.0.0
tibco ftl 6.0.0
tibco ftl 6.0.1
tibco ftl 6.0.1
tibco ftl 6.0.1
tibco ftl 6.1.0
tibco ftl 6.1.0
tibco ftl 6.1.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.0.0:*:*:*:community:*:*:*",
              "matchCriteriaId": "A4DC2A2F-5FCE-4A7A-9A4E-F15F03191A2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "4D77DBC6-B022-40CD-A95F-B8158EA5ADE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.0.1:*:*:*:community:*:*:*",
              "matchCriteriaId": "F6F66625-0337-440E-8F96-1F83CE766BDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.0.1:*:*:*:developer:*:*:*",
              "matchCriteriaId": "D0E5C155-CB3B-4B05-93D5-DD5BF97CE897",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.0.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "ACA5B292-8AF9-4ED4-99F6-9AEF672C65CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.1.0:*:*:*:community:*:*:*",
              "matchCriteriaId": "CE032C94-27D5-4F5C-AF34-5E029C1AFD7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.1.0:*:*:*:developer:*:*:*",
              "matchCriteriaId": "169C8B4B-3933-498D-966D-CE29380D91A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:ftl:6.1.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "31578219-77BD-4F50-9199-6B60AB132F0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The realm configuration component of TIBCO Software Inc.\u0027s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0."
    },
    {
      "lang": "es",
      "value": "El componente de configuraci\u00f3n de realm de TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente no aplica correctamente los controles de acceso. Este problema afecta a TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0 y TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0"
    }
  ],
  "id": "CVE-2019-11209",
  "lastModified": "2024-11-21T04:20:43.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T18:15:11.173",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.