CVE-2022-30574

Published Aug 9, 2022

Last updated 6 months ago

CVSS medium 4.6

Overview

Description: The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0.
Source: security@tibco.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tibco:ftl:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C70CD63C-4E67-4067-BE61-A3F0F20B2FF7",
            "versionEndIncluding": "6.7.3",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:ftl:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E763FF1F-EA73-42AB-A975-0CE765265662",
            "versionEndIncluding": "6.8.0",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:ftl:*:*:*:*:developer:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "91D694DE-7F31-4CBC-9A17-E16DD136979E",
            "versionEndIncluding": "6.8.0",
            "versionStartIncluding": "6.0.1"
          },
          {
            "criteria": "cpe:2.3:a:tibco:ftl:6.8.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68E1EA1B-8795-4E53-A2BB-39162B53A1D9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:tibco:eftl:*:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D485C5C-43DF-4CF1-B9C8-EC233DE33A1E",
            "versionEndIncluding": "6.7.3",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:eftl:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69A74216-7BA6-4188-84FD-831E819A24F1",
            "versionEndIncluding": "6.8.0",
            "versionStartIncluding": "6.0.0"
          },
          {
            "criteria": "cpe:2.3:a:tibco:eftl:*:*:*:*:developer:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "902741F5-B8C3-4894-AD32-353060446519",
            "versionEndIncluding": "6.8.0",
            "versionStartIncluding": "6.0.1"
          },
          {
            "criteria": "cpe:2.3:a:tibco:eftl:6.8.0:*:*:*:enterprise:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12DBFB38-76C5-43B1-9927-C970B782A670"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References