CVE-2022-30574 - Vulnerability Details

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00044.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Eftl Ftl

Configuration 1 [-]

OR	cpe:2.3:a:tibco:ftl:::::enterprise:::*
	cpe:2.3:a:tibco:ftl:::::community:::*
	cpe:2.3:a:tibco:ftl:::::developer:::*
	cpe:2.3:a:tibco:ftl:6.8.0::::enterprise:::

Configuration 2 [-]

OR	cpe:2.3:a:tibco:eftl:::::enterprise:::*
	cpe:2.3:a:tibco:eftl:::::community:::*
	cpe:2.3:a:tibco:eftl:::::developer:::*
	cpe:2.3:a:tibco:eftl:6.8.0::::enterprise:::

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-52423	The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0.

Fixes

Solution

TIBCO has released updated versions of the affected components which address these issues. TIBCO FTL - Community Edition versions 6.0.0 through 6.8.0: update to version 6.8.1 or later TIBCO FTL - Developer Edition versions 6.0.1 through 6.8.0: update to version 6.8.1 or later TIBCO FTL - Enterprise Edition versions 6.0.0 through 6.7.3: update to version 6.7.4 or later TIBCO FTL - Enterprise Edition version 6.8.0: update to version 6.8.1 or later TIBCO eFTL - Community Edition versions 6.0.0 through 6.8.0: update to version 6.8.1 or later TIBCO eFTL - Developer Edition versions 6.0.1 through 6.8.0: update to version 6.8.1 or later TIBCO eFTL - Enterprise Edition versions 6.0.0 through 6.7.3: update to version 6.7.4 or later TIBCO eFTL - Enterprise Edition version 6.8.0: update to version 6.8.1 or later

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2022/08/tibco-security-advisory-august-9-2022-tibco-ftl-cve-2022-30574

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2022-08-09T17:20:16.285207Z

Updated: 2024-09-16T18:49:54.765Z

Reserved: 2022-05-11T00:00:00

Link: CVE-2022-30574

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-09T18:15:08.367

Modified: 2024-11-21T07:02:57.573

Link: CVE-2022-30574

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object