CVE-2021-28822— TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-28822
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
TIBCO Enterprise Message Service Windows Platform Artifact Search vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Enterprise Message Service Server (tibemsd), Enterprise Message Service Central Administration (tibemsca), Enterprise Message Service JSON configuration generator (tibemsconf2json), and Enterprise Message Service C API components of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.5.1 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.5.1 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.5.1 and below.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Tibco TIBCO Enterprise Message Service 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Tibco TIBCO Enterprise Message Service是美国Tibco公司的一个企业消息传递中间件。它基于标准的Java?Message Service(JMS)代理,它允许任何支持JMS的应用程序(无论是本地的还是第三方的)快速而轻松地交换消息。 Enterprise Message Service Server 存在安全漏洞,该漏洞允许具有本地访问权限的低特权攻击者可利用该漏洞插入恶意软件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Message Service | unspecified ~ 8.5.1 | - | |
| TIBCO Software Inc. | TIBCO Enterprise Message Service - Community Edition | unspecified ~ 8.5.1 | - | |
| TIBCO Software Inc. | TIBCO Enterprise Message Service - Developer Edition | unspecified ~ 8.5.1 | - |
II. Public POCs for CVE-2021-28822
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-28822
请登录查看更多情报信息。
- http://www.tibco.com/services/support/advisoriesx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-28822
Same Patch Batch · TIBCO Software Inc. · 2021-03-23 · 9 CVEs total
| CVE-2021-23274 | 9.8 CRITICAL | TIBCO API Exchange Gateway Clickjack Vulnerability |
| CVE-2021-28817 | 8.8 HIGH | TIBCO Rendezvous Windows Platform Installation vulnerability |
| CVE-2021-28818 | 8.8 HIGH | TIBCO Rendezvous Windows Platform Artifact Search vulnerability |
| CVE-2021-28819 | 8.8 HIGH | TIBCO FTL Windows Platform Installation vulnerability |
| CVE-2021-28820 | 8.8 HIGH | TIBCO FTL Windows Platform Artifact Search vulnerability |
| CVE-2021-28821 | 8.8 HIGH | TIBCO Enterprise Message Service Windows Platform Installation vulnerability |
| CVE-2021-28823 | 8.8 HIGH | TIBCO eFTL Windows Platform Installation vulnerability |
| CVE-2021-28824 | 8.8 HIGH | TIBCO ActiveSpaces Windows Platform Installation vulnerability |
IV. Related Vulnerabilities
Same vendor: TIBCO Software Inc.
- CVE-2024-1137
TIBCO ActiveSpaces Information Leak Vulnerability - CVE-2024-1138
TIBCO FTL Privilege Escalation - CVE-2023-26222
TIBCO EBX Cross-site Scripting (XXS) Vulnerability - CVE-2023-26221
TIBCO Spotfire Insufficiently Protected Credential vulnerabi - CVE-2023-26219
TIBCO Operational Intelligence Hawk RedTail Credential Expos
V. Comments for CVE-2021-28822
No comments yet