CVE-2022-30574

low-risk
Published 2022-08-09

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.6/10 Medium
ADJACENT_NETWORK / HIGH complexity

Affected Products (8)

Ftl
Ftl
Ftl
Ftl
Eftl
Eftl
Eftl
Eftl

Affected Vendors

Tibco

References (4)

Vendor Advisory https://www.tibco.com/services/support/advisories
Vendor Advisory https://www.tibco.com/support/advisories/2022/08/tibco-security-advisory-august-...
Vendor Advisory https://www.tibco.com/services/support/advisories
Vendor Advisory https://www.tibco.com/support/advisories/2022/08/tibco-security-advisory-august-...
26
/ 100
low-risk
Severity 12/34 · Low
Exploitability 0/34 · Minimal
Exposure 14/34 · Moderate