CVE-2021-28822: Uncontrolled Search Path Element in Software INC Tibco Enterprise Message Service

Severity
NVD: 7.8 HIGH
CNA: 8.8
EPSS: 0.1% (top 84.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 23
Latest update: May 24

Description

The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

🔴 Vulnerability Details (2)

GHSA (2022-05-24): GHSA-xpvq-rpfc-g9rw: The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configu
CVEList (2021-03-23): TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability