CVE-2024-1138 (GCVE-0-2024-1138)
Vulnerability from cvelistv5
Published
2024-03-12 17:30
Modified
2025-03-28 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver.
Summary
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO FTL - Enterprise Edition |
Version: 0 ≤ 6.10.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:26:30.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tibco:ftl:*:*:*:*:enterprise:*:*:*"
],
"defaultStatus": "unknown",
"product": "ftl",
"vendor": "tibco",
"versions": [
{
"lessThanOrEqual": "6.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T19:05:22.151041Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T18:59:24.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "TIBCO FTL - Enterprise Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.10.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe FTL Server component of TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\u003c/p\u003e"
}
],
"value": "The FTL Server component of TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver.",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T17:30:15.100Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\u003c/p\u003e"
}
],
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\n\n"
}
],
"title": "TIBCO FTL Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2024-1138",
"datePublished": "2024-03-12T17:30:15.100Z",
"dateReserved": "2024-01-31T20:35:00.843Z",
"dateUpdated": "2025-03-28T18:59:24.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T18:26:30.563Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-1138\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-03-12T19:05:22.151041Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:tibco:ftl:*:*:*:*:enterprise:*:*:*\"], \"vendor\": \"tibco\", \"product\": \"ftl\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.1\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269 Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-16T18:55:39.708Z\"}}], \"cna\": {\"title\": \"TIBCO FTL Privilege Escalation\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"TIBCO Software Inc.\", \"product\": \"TIBCO FTL - Enterprise Edition\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.10.1\"}], \"defaultStatus\": \"unknown\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"TIBCO has released updated versions of the affected components which address these issues.\\n\\nTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eTIBCO has released updated versions of the affected components which address these issues.\u003c/p\u003e\u003cp\u003eTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\u003c/p\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The FTL Server component of TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe FTL Server component of TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.\u0027s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver.\"}]}], \"providerMetadata\": {\"orgId\": \"4f830c72-39e4-45f6-a99f-78cc01ae04db\", \"shortName\": \"tibco\", \"dateUpdated\": \"2024-03-12T17:30:15.100Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-1138\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-28T18:59:24.770Z\", \"dateReserved\": \"2024-01-31T20:35:00.843Z\", \"assignerOrgId\": \"4f830c72-39e4-45f6-a99f-78cc01ae04db\", \"datePublished\": \"2024-03-12T17:30:15.100Z\", \"assignerShortName\": \"tibco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…