cve/2021/CVE-2021-43054.md
2025-09-29 21:09:30 +02:00

### [CVE-2021-43054](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43054)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20eFTL%20-%20Community%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20eFTL%20-%20Developer%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=TIBCO%20eFTL%20-%20Enterprise%20Edition&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Successful%20execution%20of%20this%20vulnerability%20can%20result%20in%20an%20attacker%20gaining%20full%20access%20to%20communication%20on%20an%20existing%20channel%20on%20the%20affected%20system.&color=brightgreen)
### Description
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.
### POC
#### Reference
- https://www.tibco.com/services/support/advisories
#### Github
No PoCs found on GitHub currently.