CVE-2021-28817

8.8 HIGH

📋 TL;DR

This vulnerability allows a low-privileged attacker with local Windows access to insert malicious software into TIBCO Rendezvous installation directories. The software then executes with elevated privileges due to improper file/folder permissions. Affected users are those running vulnerable versions of TIBCO Rendezvous or TIBCO Rendezvous Developer Edition on Windows systems.

💻 Affected Systems

Products:
  • TIBCO Rendezvous
  • TIBCO Rendezvous Developer Edition
Versions: 8.5.1 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows installations. Requires local access to the system with low privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via privilege escalation to SYSTEM/administrator level, enabling complete control over the affected Windows host.

🟠 Likely Case

Local privilege escalation allowing attackers to install persistent malware, steal credentials, or pivot to other systems.

🟢 If Mitigated

Limited impact with proper access controls and monitoring preventing malicious file placement.

🌐 Internet-Facing: LOW - Requires local access to the Windows system, not directly exploitable over network.
🏢 Internal Only: HIGH - Internal attackers or compromised low-privilege accounts can exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access and ability to write files to installation directories. No authentication bypass needed beyond initial low-privilege access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions above 8.5.1

Vendor Advisory: http://www.tibco.com/services/support/advisories

Restart Required: Yes

Instructions:

1. Download updated version from TIBCO support portal.
2. Uninstall vulnerable version.
3. Install patched version.
4. Restart system.

🔧 Temporary Workarounds

Restrict installation directory permissions

windows

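Remove write permissions for low-privileged users on TIBCO Rendezvous installation directories. Apply the deny entry to the directory itself so that it is inherited by every file and subfolder; a trailing \* wildcard only touches the existing children and leaves the directory itself open to new files. The deny entry affects every account whose token contains the Users group, which can include administrators, so remove it before installing the patched version.

icacls "C:\Program Files\TIBCO\Rendezvous" /deny "Users:(OI)(CI)W"
icacls "C:\Program Files (x86)\TIBCO\Rendezvous" /deny "Users:(OI)(CI)W"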

🧯 If You Can't Patch

  • Implement strict access controls on installation directories to prevent low-privileged users from writing files
  • Monitor for unauthorized file creation in TIBCO installation directories using file integrity monitoring

🔍 How to Verify

Check if Vulnerable:

Check TIBCO Rendezvous version via Control Panel > Programs and Features or registry: HKEY_LOCAL_MACHINE\SOFTWARE\TIBCO\Rendezvous\Version

Check Version:

reg query "HKLM\SOFTWARE\TIBCO\Rendezvous" /v Version

Verify Fix Applied:

Verify that the version is above 8.5.1 and check that the installation directory permissions show no write access for low-privileged users.
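
Added example (not part of the original advisory or any TIBCO tooling): a PowerShell audit for the permission check described above, listing every Allow entry that gives a broad group write-type access anywhere in the install tree. The default paths, the set of SIDs treated as low-privileged, and the function name Get-WeakAce are assumptions.

```powershell
# Added example: list Allow ACEs that let broad, low-privileged groups write
# into the TIBCO Rendezvous install tree. Paths are the default locations used
# in the workaround above (assumption; change them for a custom install).
$Roots = @(
    'C:\Program Files\TIBCO\Rendezvous',
    'C:\Program Files (x86)\TIBCO\Rendezvous'
)
# Principals treated as low-privileged (assumption). Well-known SIDs are used
# so the check does not depend on the Windows display language.
$LowPrivSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-32-545',   # BUILTIN\Users
    'S-1-5-4'         # INTERACTIVE
)
# Rights that allow planting or replacing a file, or rewriting the ACL,
# plus GENERIC_WRITE and GENERIC_ALL as they appear in inherit-only ACEs.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

function Get-WeakAce {
    param([string[]]$Path)
    foreach ($root in $Path) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $items = @(Get-Item -LiteralPath $root -Force) +
                 @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            $acl = Get-Acl -LiteralPath $item.FullName
            # Ask for SIDs instead of translated account names.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($ace in $rules) {
                # Deny entries are not evaluated here: an Allow ACE reported
                # below may be masked by the temporary deny workaround.
                if ($ace.AccessControlType -ne 'Allow') { continue }
                if ($LowPrivSids -notcontains $ace.IdentityReference.Value) { continue }
                if (([int]$ace.FileSystemRights -band $WriteMask) -eq 0) { continue }
                [pscustomobject]@{
                    Path      = $item.FullName
                    Sid       = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-WeakAce -Path $Roots)
if ($findings.Count -eq 0) { 'No write-capable Allow ACEs for low-privileged groups found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

An entry with Inherited = True has to be corrected on the parent directory it comes from, not on the individual file.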

📡 Detection & Monitoring

Log Indicators:

  • Windows Event Logs showing file creation/modification in TIBCO installation directories by low-privileged users
  • Process execution from TIBCO directories with unexpected parent processes

Network Indicators:

  • Unusual outbound connections from TIBCO Rendezvous processes

SIEM Query:

source="Windows Security" EventCode=4663 ObjectName="*TIBCO*Rendezvous*" AccessMask="0x2"
