CVE-2024-1138: TIBCO FTL Privilege Escalation

8.8 CVSS

Description

The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.

Classification

CVE ID: CVE-2024-1138

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

Successful exploitation of this vulnerability may result in an authenticated but unprivileged user arbitrarily reconfiguring FTL clients attached to the same ftlserver.

Affected Products

Vendor: TIBCO Software Inc.

Product: TIBCO FTL - Enterprise Edition

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.16% (probability of being exploited)

EPSS Percentile: 38.18% (scored less or equal to compared to others)

EPSS Date: 2025-04-16 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-1138
https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/

Timeline

2025-03-28 19:40:20 UTC
CVE

TIBCO FTL Privilege Escalation