TIBCO Enterprise Administrator Vulnerability
Original release date: Feb 26, 2014
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Enterprise Administrator 1.0.0
TIBCO Enterprise Administrator SDK 1.0.0
The following components are affected:
* TIBCO Enterprise Administrator Server
Description
The TIBCO Enterprise Administrator components listed above are affected by
the following critical vulnerability:
CVE-2014-2075 - The TIBCO Administrator components listed above may fail to
properly enforce administrator privileges in some circumstances. This may
allow unprivileged users to execute arbitrary commands with administrator
privileges.
TIBCO has released updated versions of the affected components that address
this issue. TIBCO strongly recommends that sites running the affected
components install the applicable update as described below.
Impact
A successful attack will allow execution of arbitrary code on any system
that is managed by the TIBCO Enterprise Administrator Server.
Solution
For each affected system, update to the corresponding software versions
(or higher):
TIBCO Enterprise Administrator 1.1.0
TIBCO Enterprise Administrator SDK 1.1.0
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2014-2075