Update CVE-2021-35497 to fix incorrect CVSS vector string

Denny Page 2022-03-10 13:17:30 -08:00
parent f69fa66141
commit b2d48c2cdc


@ -1,411 +1,412 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "security@tibco.com", "ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-10-05T17:00:00Z", "DATE_PUBLIC": "2021-10-05T17:00:00Z",
"ID": "CVE-2021-35497", "UPDATED": "2022-03-10T21:00:00Z",
"STATE": "PUBLIC", "ID": "CVE-2021-35497",
"TITLE": "TIBCO FTL unvalidated SAN in client certificates" "STATE": "PUBLIC",
}, "TITLE": "TIBCO FTL unvalidated SAN in client certificates"
"affects": { },
"vendor": { "affects": {
"vendor_data": [ "vendor": {
{ "vendor_data": [
"product": { {
"product_data": [ "product": {
{ "product_data": [
"product_name": "TIBCO ActiveSpaces - Community Edition", {
"version": { "product_name": "TIBCO ActiveSpaces - Community Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "4.3.0" "version_affected": "=",
}, "version_value": "4.3.0"
{ },
"version_affected": "=", {
"version_value": "4.4.0" "version_affected": "=",
}, "version_value": "4.4.0"
{ },
"version_affected": "=", {
"version_value": "4.5.0" "version_affected": "=",
}, "version_value": "4.5.0"
{ },
"version_affected": "=", {
"version_value": "4.6.0" "version_affected": "=",
}, "version_value": "4.6.0"
{ },
"version_affected": "=", {
"version_value": "4.6.1" "version_affected": "=",
}, "version_value": "4.6.1"
{ },
"version_affected": "=", {
"version_value": "4.6.2" "version_affected": "=",
} "version_value": "4.6.2"
] }
} ]
}, }
{ },
"product_name": "TIBCO ActiveSpaces - Developer Edition", {
"version": { "product_name": "TIBCO ActiveSpaces - Developer Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "4.3.0" "version_affected": "=",
}, "version_value": "4.3.0"
{ },
"version_affected": "=", {
"version_value": "4.4.0" "version_affected": "=",
}, "version_value": "4.4.0"
{ },
"version_affected": "=", {
"version_value": "4.5.0" "version_affected": "=",
}, "version_value": "4.5.0"
{ },
"version_affected": "=", {
"version_value": "4.6.0" "version_affected": "=",
}, "version_value": "4.6.0"
{ },
"version_affected": "=", {
"version_value": "4.6.1" "version_affected": "=",
}, "version_value": "4.6.1"
{ },
"version_affected": "=", {
"version_value": "4.6.2" "version_affected": "=",
} "version_value": "4.6.2"
] }
} ]
}, }
{ },
"product_name": "TIBCO ActiveSpaces - Enterprise Edition", {
"version": { "product_name": "TIBCO ActiveSpaces - Enterprise Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "4.3.0" "version_affected": "=",
}, "version_value": "4.3.0"
{ },
"version_affected": "=", {
"version_value": "4.4.0" "version_affected": "=",
}, "version_value": "4.4.0"
{ },
"version_affected": "=", {
"version_value": "4.5.0" "version_affected": "=",
}, "version_value": "4.5.0"
{ },
"version_affected": "=", {
"version_value": "4.6.0" "version_affected": "=",
}, "version_value": "4.6.0"
{ },
"version_affected": "=", {
"version_value": "4.6.1" "version_affected": "=",
}, "version_value": "4.6.1"
{ },
"version_affected": "=", {
"version_value": "4.6.2" "version_affected": "=",
} "version_value": "4.6.2"
] }
} ]
}, }
{ },
"product_name": "TIBCO FTL - Community Edition", {
"version": { "product_name": "TIBCO FTL - Community Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "6.2.0" "version_affected": "=",
}, "version_value": "6.2.0"
{ },
"version_affected": "=", {
"version_value": "6.3.0" "version_affected": "=",
}, "version_value": "6.3.0"
{ },
"version_affected": "=", {
"version_value": "6.3.1" "version_affected": "=",
}, "version_value": "6.3.1"
{ },
"version_affected": "=", {
"version_value": "6.4.0" "version_affected": "=",
}, "version_value": "6.4.0"
{ },
"version_affected": "=", {
"version_value": "6.5.0" "version_affected": "=",
}, "version_value": "6.5.0"
{ },
"version_affected": "=", {
"version_value": "6.6.0" "version_affected": "=",
}, "version_value": "6.6.0"
{ },
"version_affected": "=", {
"version_value": "6.6.1" "version_affected": "=",
}, "version_value": "6.6.1"
{ },
"version_affected": "=", {
"version_value": "6.7.0" "version_affected": "=",
} "version_value": "6.7.0"
] }
} ]
}, }
{ },
"product_name": "TIBCO FTL - Developer Edition", {
"version": { "product_name": "TIBCO FTL - Developer Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "6.2.0" "version_affected": "=",
}, "version_value": "6.2.0"
{ },
"version_affected": "=", {
"version_value": "6.3.0" "version_affected": "=",
}, "version_value": "6.3.0"
{ },
"version_affected": "=", {
"version_value": "6.3.1" "version_affected": "=",
}, "version_value": "6.3.1"
{ },
"version_affected": "=", {
"version_value": "6.4.0" "version_affected": "=",
}, "version_value": "6.4.0"
{ },
"version_affected": "=", {
"version_value": "6.5.0" "version_affected": "=",
}, "version_value": "6.5.0"
{ },
"version_affected": "=", {
"version_value": "6.6.0" "version_affected": "=",
}, "version_value": "6.6.0"
{ },
"version_affected": "=", {
"version_value": "6.6.1" "version_affected": "=",
}, "version_value": "6.6.1"
{ },
"version_affected": "=", {
"version_value": "6.7.0" "version_affected": "=",
} "version_value": "6.7.0"
] }
} ]
}, }
{ },
"product_name": "TIBCO FTL - Enterprise Edition", {
"version": { "product_name": "TIBCO FTL - Enterprise Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "6.2.0" "version_affected": "=",
}, "version_value": "6.2.0"
{ },
"version_affected": "=", {
"version_value": "6.3.0" "version_affected": "=",
}, "version_value": "6.3.0"
{ },
"version_affected": "=", {
"version_value": "6.3.1" "version_affected": "=",
}, "version_value": "6.3.1"
{ },
"version_affected": "=", {
"version_value": "6.4.0" "version_affected": "=",
}, "version_value": "6.4.0"
{ },
"version_affected": "=", {
"version_value": "6.5.0" "version_affected": "=",
}, "version_value": "6.5.0"
{ },
"version_affected": "=", {
"version_value": "6.6.0" "version_affected": "=",
}, "version_value": "6.6.0"
{ },
"version_affected": "=", {
"version_value": "6.6.1" "version_affected": "=",
}, "version_value": "6.6.1"
{ },
"version_affected": "=", {
"version_value": "6.7.0" "version_affected": "=",
} "version_value": "6.7.0"
] }
} ]
}, }
{ },
"product_name": "TIBCO eFTL - Community Edition", {
"version": { "product_name": "TIBCO eFTL - Community Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "6.2.0" "version_affected": "=",
}, "version_value": "6.2.0"
{ },
"version_affected": "=", {
"version_value": "6.3.0" "version_affected": "=",
}, "version_value": "6.3.0"
{ },
"version_affected": "=", {
"version_value": "6.3.1" "version_affected": "=",
}, "version_value": "6.3.1"
{ },
"version_affected": "=", {
"version_value": "6.4.0" "version_affected": "=",
}, "version_value": "6.4.0"
{ },
"version_affected": "=", {
"version_value": "6.5.0" "version_affected": "=",
}, "version_value": "6.5.0"
{ },
"version_affected": "=", {
"version_value": "6.6.0" "version_affected": "=",
}, "version_value": "6.6.0"
{ },
"version_affected": "=", {
"version_value": "6.6.1" "version_affected": "=",
}, "version_value": "6.6.1"
{ },
"version_affected": "=", {
"version_value": "6.7.0" "version_affected": "=",
} "version_value": "6.7.0"
] }
} ]
}, }
{ },
"product_name": "TIBCO eFTL - Developer Edition", {
"version": { "product_name": "TIBCO eFTL - Developer Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "6.2.0" "version_affected": "=",
}, "version_value": "6.2.0"
{ },
"version_affected": "=", {
"version_value": "6.3.0" "version_affected": "=",
}, "version_value": "6.3.0"
{ },
"version_affected": "=", {
"version_value": "6.3.1" "version_affected": "=",
}, "version_value": "6.3.1"
{ },
"version_affected": "=", {
"version_value": "6.4.0" "version_affected": "=",
}, "version_value": "6.4.0"
{ },
"version_affected": "=", {
"version_value": "6.5.0" "version_affected": "=",
}, "version_value": "6.5.0"
{ },
"version_affected": "=", {
"version_value": "6.6.0" "version_affected": "=",
}, "version_value": "6.6.0"
{ },
"version_affected": "=", {
"version_value": "6.6.1" "version_affected": "=",
}, "version_value": "6.6.1"
{ },
"version_affected": "=", {
"version_value": "6.7.0" "version_affected": "=",
} "version_value": "6.7.0"
] }
} ]
}, }
{ },
"product_name": "TIBCO eFTL - Enterprise Edition", {
"version": { "product_name": "TIBCO eFTL - Enterprise Edition",
"version_data": [ "version": {
{ "version_data": [
"version_affected": "=", {
"version_value": "6.2.0" "version_affected": "=",
}, "version_value": "6.2.0"
{ },
"version_affected": "=", {
"version_value": "6.3.0" "version_affected": "=",
}, "version_value": "6.3.0"
{ },
"version_affected": "=", {
"version_value": "6.3.1" "version_affected": "=",
}, "version_value": "6.3.1"
{ },
"version_affected": "=", {
"version_value": "6.4.0" "version_affected": "=",
}, "version_value": "6.4.0"
{ },
"version_affected": "=", {
"version_value": "6.5.0" "version_affected": "=",
}, "version_value": "6.5.0"
{ },
"version_affected": "=", {
"version_value": "6.6.0" "version_affected": "=",
}, "version_value": "6.6.0"
{ },
"version_affected": "=", {
"version_value": "6.6.1" "version_affected": "=",
}, "version_value": "6.6.1"
{ },
"version_affected": "=", {
"version_value": "6.7.0" "version_affected": "=",
} "version_value": "6.7.0"
] }
} ]
} }
] }
}, ]
"vendor_name": "TIBCO Software Inc." },
} "vendor_name": "TIBCO Software Inc."
] }
} ]
}, }
"data_format": "MITRE", },
"data_type": "CVE", "data_format": "MITRE",
"data_version": "4.0", "data_type": "CVE",
"description": { "data_version": "4.0",
"description_data": [ "description": {
{ "description_data": [
"lang": "eng", {
"value": "The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0." "lang": "eng",
} "value": "The FTL Server (tibftlserver) and Docker images containing tibftlserver components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, TIBCO ActiveSpaces - Enterprise Edition, TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contain a vulnerability that theoretically allows a non-administrative, authenticated FTL user to trick the affected components into creating illegitimate certificates. These maliciously generated certificates can be used to enable man-in-the-middle attacks or to escalate privileges so that the malicious user has administrative privileges. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Developer Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO ActiveSpaces - Enterprise Edition: versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2, TIBCO FTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO FTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Community Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, TIBCO eFTL - Developer Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0, and TIBCO eFTL - Enterprise Edition: versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0."
] }
}, ]
"impact": { },
"cvss": { "impact": {
"attackComplexity": "LOW", "cvss": {
"attackVector": "NETWORK", "attackComplexity": "HIGH",
"availabilityImpact": "HIGH", "attackVector": "NETWORK",
"baseScore": 7.5, "availabilityImpact": "HIGH",
"baseSeverity": "HIGH", "baseScore": 7.5,
"confidentialityImpact": "HIGH", "baseSeverity": "HIGH",
"integrityImpact": "HIGH", "confidentialityImpact": "HIGH",
"privilegesRequired": "LOW", "integrityImpact": "HIGH",
"scope": "CHANGED", "privilegesRequired": "LOW",
"userInteraction": "REQUIRED", "scope": "UNCHANGED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "userInteraction": "NONE",
"version": "3.0" "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
} "version": "3.1"
}, }
"problemtype": { },
"problemtype_data": [ "problemtype": {
{ "problemtype_data": [
"description": [ {
{ "description": [
"lang": "eng", {
"value": "The impact of this vulnerability includes the theoretical possibility that a malicious non-administrative user can gain full administrative access to the affected system." "lang": "eng",
} "value": "The impact of this vulnerability includes the theoretical possibility that a malicious non-administrative user can gain full administrative access to the affected system."
] }
} ]
] }
}, ]
"references": { },
"reference_data": [ "references": {
{ "reference_data": [
"name": "https://www.tibco.com/services/support/advisories", {
"refsource": "CONFIRM", "name": "https://www.tibco.com/services/support/advisories",
"url": "https://www.tibco.com/services/support/advisories" "refsource": "CONFIRM",
}, "url": "https://www.tibco.com/services/support/advisories"
{ },
"refsource": "CONFIRM", {
"name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497", "refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497" "name": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497",
} "url": "https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-5-2021-tibco-ftl-2021-35497"
] }
}, ]
"solution": [ },
{ "solution": [
"lang": "eng", {
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Developer Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Enterprise Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO FTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later" "lang": "eng",
} "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO ActiveSpaces - Community Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Developer Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO ActiveSpaces - Enterprise Edition versions 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.6.1, and 4.6.2 update to version 4.7.0 or later\nTIBCO FTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO FTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Community Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Developer Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later\nTIBCO eFTL - Enterprise Edition versions 6.2.0, 6.3.0, 6.3.1, 6.4.0, 6.5.0, 6.6.0, 6.6.1, and 6.7.0 update to version 6.7.1 or later"
], }
"source": { ],
"discovery": "INTERNAL" "source": {
} "discovery": "INTERNAL"
} }
}
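Review bot: The commit message does not record why three base metrics in `impact.cvss` changed (`attackComplexity` LOW to HIGH, `userInteraction` REQUIRED to NONE, `scope` CHANGED to UNCHANGED), only that the vector string was incorrect. Recomputing both vectors under CVSS 3.1, the old `AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H` evaluates to 9.0, while the new `AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H` evaluates to the 7.5 that `baseScore` already carried, so the record is now internally consistent. Anyone who derived severity from the old vector rather than from `baseScore` will see this entry move from Critical to High and may need to re-triage; a body line such as `Previous vector evaluated to 9.0; metrics corrected to match the published baseScore of 7.5.` would make that visible. The `problemtype` entry still holds a free-text impact sentence rather than a CWE identifier, which looks worth a follow-up so that CWE-keyed tooling can classify the record.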