{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-1138", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2024-01-31T20:35:00.843Z", "datePublished": "2024-03-12T17:30:15.100Z", "dateUpdated": "2025-03-28T18:59:24.770Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "TIBCO FTL - Enterprise Edition", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "6.10.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.</p>"}], "value": "The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. 
Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"description": "Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver.", "lang": "en"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-03-12T17:30:15.100Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later</p>"}], "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO FTL - Enterprise Edition versions 6.10.1 and below: update to version 6.10.2 or later\n\n"}], "title": "TIBCO FTL Privilege Escalation"}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.563Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": 
"CWE", "cweId": "CWE-269", "lang": "en", "description": "CWE-269 Improper Privilege Management"}]}], "affected": [{"vendor": "tibco", "product": "ftl", "cpes": ["cpe:2.3:a:tibco:ftl:*:*:*:*:enterprise:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "6.10.1", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-12T19:05:22.151041Z", "id": "CVE-2024-1138", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-28T18:59:24.770Z"}}]}}