{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1138", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2024-01-31T20:35:00.843Z", "datePublished": "2024-03-12T17:30:15.100Z", "dateUpdated": "2025-03-28T18:59:24.770Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "TIBCO FTL - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.10.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.</p>"}], "value": "The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver.", "lang": "en"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-03-12T17:30:15.100Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later</p>"}], "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\n\n"}], "title": "TIBCO FTL Privilege Escalation"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.563Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "tibco", "product": "ftl", "cpes": ["cpe:2.3:a:tibco:ftl:*:*:*:*:enterprise:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.10.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T19:05:22.151041Z", "id": "CVE-2024-1138", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T18:59:24.770Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.563Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1138", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-12T19:05:22.151041Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tibco:ftl:*:*:*:*:enterprise:*:*:*"], "vendor": "tibco", "product": "ftl", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.10.1"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-16T18:55:39.708Z"}}], "cna": {"title": "TIBCO FTL Privilege Escalation", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TIBCO Software Inc.", "product": "TIBCO FTL - Enterprise Edition", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "6.10.1"}], "defaultStatus": "unknown"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later</p>", "base64": false}]}], "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"}], "descriptions": [{"lang": "en", "value": "The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver."}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-03-12T17:30:15.100Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1138", "state": "PUBLISHED", "dateUpdated": "2025-03-28T18:59:24.770Z", "dateReserved": "2024-01-31T20:35:00.843Z", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "datePublished": "2024-03-12T17:30:15.100Z", "assignerShortName": "tibco"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\n\n"}, {"lang": "es", "value": "El componente del servidor FTL de TIBCO FTL - Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que permite a un atacante con pocos privilegios y acceso a la red ejecutar una escalada de privilegios en el servidor ftl afectado. Las versiones afectadas son TIBCO FTL - Enterprise Edition de TIBCO Software Inc.: versiones 6.10.1 e inferiores."}], "id": "CVE-2024-1138", "lastModified": "2025-03-28T19:15:17.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2024-03-12T18:15:07.300", "references": [{"source": "security@tibco.com", "url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}