CVE-2019-11209 - OpenCVE

The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Ftl

Configuration 1 [-]

OR	cpe:2.3:a:tibco:ftl:6.0.0::::community:::
	cpe:2.3:a:tibco:ftl:6.0.0::::enterprise:::
	cpe:2.3:a:tibco:ftl:6.0.1::::community:::
	cpe:2.3:a:tibco:ftl:6.0.1::::developer:::
	cpe:2.3:a:tibco:ftl:6.0.1::::enterprise:::
	cpe:2.3:a:tibco:ftl:6.1.0::::community:::
	cpe:2.3:a:tibco:ftl:6.1.0::::developer:::
	cpe:2.3:a:tibco:ftl:6.1.0::::enterprise:::

No data.

References

Link	Providers
http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2019-08-20T17:23:50.577889Z

Updated: 2024-09-16T22:50:25.564Z

Reserved: 2019-04-12T00:00:00

Link: CVE-2019-11209

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-20T18:15:11.173

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-11209

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TIBCO FTL Community Edition", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.1.0"}]}, {"product": "TIBCO FTL Developer Edition", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.1.0"}]}, {"product": "TIBCO FTL Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "6.0.0"}, {"status": "affected", "version": "6.0.1"}, {"status": "affected", "version": "6.1.0"}]}], "datePublic": "2019-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to the contents of all messages in the FTL realm, manipulate the contents of the messages, and deny access to sending messages.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-20T17:23:50", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO FTL Community Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Developer Edition versions 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Enterprise Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher."}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO FTL Escalation Of Privileges for Realm Configuration", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2019-08-20T16:00:00.000Z", "ID": "CVE-2019-11209", "STATE": "PUBLIC", "TITLE": "TIBCO FTL Escalation Of Privileges for Realm Configuration"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO FTL Community Edition", "version": {"version_data": [{"version_affected": "=", "version_value": "6.0.0"}, {"version_affected": "=", "version_value": "6.0.1"}, {"version_affected": "=", "version_value": "6.1.0"}]}}, {"product_name": "TIBCO FTL Developer Edition", "version": {"version_data": [{"version_affected": "=", "version_value": "6.0.1"}, {"version_affected": "=", "version_value": "6.1.0"}]}}, {"product_name": "TIBCO FTL Enterprise Edition", "version": {"version_data": [{"version_affected": "=", "version_value": "6.0.0"}, {"version_affected": "=", "version_value": "6.0.1"}, {"version_affected": "=", "version_value": "6.1.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to the contents of all messages in the FTL realm, manipulate the contents of the messages, and deny access to sending messages."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO FTL Community Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Developer Edition versions 6.0.1 and 6.1.0 update to version 6.2.0 or higher.\nTIBCO FTL Enterprise Edition versions 6.0.0, 6.0.1 and 6.1.0 update to version 6.2.0 or higher."}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.038Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-11209", "datePublished": "2019-08-20T17:23:50.577889Z", "dateReserved": "2019-04-12T00:00:00", "dateUpdated": "2024-09-16T22:50:25.564Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:ftl:6.0.0:*:*:*:community:*:*:*", "matchCriteriaId": "A4DC2A2F-5FCE-4A7A-9A4E-F15F03191A2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.0.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "4D77DBC6-B022-40CD-A95F-B8158EA5ADE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.0.1:*:*:*:community:*:*:*", "matchCriteriaId": "F6F66625-0337-440E-8F96-1F83CE766BDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.0.1:*:*:*:developer:*:*:*", "matchCriteriaId": "D0E5C155-CB3B-4B05-93D5-DD5BF97CE897", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.0.1:*:*:*:enterprise:*:*:*", "matchCriteriaId": "ACA5B292-8AF9-4ED4-99F6-9AEF672C65CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.1.0:*:*:*:community:*:*:*", "matchCriteriaId": "CE032C94-27D5-4F5C-AF34-5E029C1AFD7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.1.0:*:*:*:developer:*:*:*", "matchCriteriaId": "169C8B4B-3933-498D-966D-CE29380D91A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:ftl:6.1.0:*:*:*:enterprise:*:*:*", "matchCriteriaId": "31578219-77BD-4F50-9199-6B60AB132F0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0."}, {"lang": "es", "value": "El componente de configuraci\u00f3n de realm de TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente no aplica correctamente los controles de acceso. Este problema afecta a TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0 y TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0"}], "id": "CVE-2019-11209", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2019-08-20T18:15:11.173", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-20-2019-tibco-ftl"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}