CVE-2021-28821 — Incorrect Authorization in Software INC Tibco Enterprise Message Service

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

7.8HIGHNVD

CNA8.8

EPSS

0.0%

top 86.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Enterprise Message Service Tibco Software INC Tibco Enterprise Message Service Community Edition Tibco Software INC Tibco Enterprise Message Service Developer Edition +1 more

Timeline

PublishedMar 23

Latest updateMay 24

Description

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privile…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_enterprise_message_service_community_editionunspecified — 8.5.1

▶CVEListV5tibco_software_inc/tibco_enterprise_message_service_developer_editionunspecified — 8.5.1

▶CVEListV5tibco_software_inc/tibco_enterprise_message_serviceunspecified — 8.5.1

▶NVDtibco/enterprise_message_service8.5.1

🔴Vulnerability Details

GHSA

GHSA-j7g9-pj98-m5m7: The Windows Installation component of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Enterprise Message Service Windows Platform Installation vulnerability↗2021-03-23

▶