CVE-2021-43054

7.1 HIGH

📋 TL;DR

This vulnerability allows low-privileged attackers with network access to generate API tokens that can access any channel with arbitrary permissions in TIBCO eFTL Server. Affected systems include TIBCO eFTL Community, Developer, and Enterprise Editions version 6.7.2 and below.

💻 Affected Systems

Products:
  • TIBCO eFTL - Community Edition
  • TIBCO eFTL - Developer Edition
  • TIBCO eFTL - Enterprise Edition
Versions: 6.7.2 and below
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with network-accessible eFTL servers are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could gain complete control over all eFTL channels, intercept sensitive data, inject malicious content, and disrupt messaging services across the entire deployment.

🟠 Likely Case

Unauthorized access to sensitive channels, data exfiltration, privilege escalation, and potential lateral movement within the messaging infrastructure.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, but still potential for unauthorized channel access if exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged network access but is described as 'easily exploitable' by the vendor.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.7.3 and above

Vendor Advisory: https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-eftl-2021-43054

Restart Required: Yes

Instructions:

1. Download TIBCO eFTL version 6.7.3 or later from the TIBCO support portal.
2. Stop all eFTL services.
3. Back up configuration and data.
4. Install the updated version.
5. Restart eFTL services.

🔧 Temporary Workarounds

Network Segmentation

Platform: linux

Restrict network access to eFTL servers to only trusted clients and networks

# Replace TRUSTED_IP_RANGE with the client network; adjust 9191 if the server listens on another port.
# An accept rich rule only adds an allowance: it restricts nothing if the zone already opens port 9191 (check with firewall-cmd --list-all).
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_IP_RANGE" port protocol="tcp" port="9191" accept'
firewall-cmd --reload

Access Control Lists

Platform: all

Implement strict ACLs to limit which clients can connect to eFTL servers

# Configure in eFTL server configuration file
access-control: {
  allow: ["192.168.1.0/24", "10.0.0.0/8"],
  deny: ["0.0.0.0/0"]
}

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to eFTL servers
  • Monitor eFTL server logs for unauthorized token generation attempts and unusual channel access patterns

🔍 How to Verify

Check if Vulnerable:

Check the eFTL server version via the admin console or configuration files. If the version is 6.7.2 or below, the system is vulnerable.

Check Version:

grep 'version' /opt/tibco/eftl/conf/server.conf || eftl-server --version

Verify Fix Applied:

Verify that the eFTL server version is 6.7.3 or higher, and test that a low-privileged user cannot generate a token with permissions beyond their own.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized token generation events
  • Channel access from unexpected IP addresses
  • Permission escalation attempts in audit logs

Network Indicators:

  • Unusual API token generation patterns
  • Traffic to channels from unauthorized sources
  • Anomalous connection patterns to eFTL ports

SIEM Query:

source="eftl.logs" AND ("token generated" OR "permission denied" OR "channel access") | stats count by src_ip, user
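As an added example (not part of this advisory or of TIBCO's tooling), the detection logic above applied offline to a few constructed, eFTL-style log lines: it groups events by source address and user like the SIEM query, checks each source against the allow-list from the ACL workaround, and flags token generation from outside that list, a burst of tokens from one source, and a token issued right after a permission denial. The log layout, field names and thresholds are assumptions; adapt LOG_RE to the deployment's real log format.

```python
import ipaddress
import re
from collections import Counter

# Allow-list copied from the ACL workaround above; adjust to the deployment.
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.1.0/24", "10.0.0.0/8")]

# Constructed sample lines in a hypothetical "ts level event src_ip=.. user=.. channel=.." layout;
# real eFTL logs differ, so point LOG_RE at the actual format before use.
SAMPLE_LOGS = """\
2022-01-12T10:00:01Z INFO token generated src_ip=10.1.2.3 user=svc-orders channel=orders
2022-01-12T10:00:05Z INFO channel access src_ip=192.168.1.20 user=alice channel=orders
2022-01-12T10:00:09Z INFO token generated src_ip=203.0.113.7 user=guest channel=orders
2022-01-12T10:00:10Z INFO token generated src_ip=203.0.113.7 user=guest channel=billing
2022-01-12T10:00:11Z WARN permission denied src_ip=203.0.113.7 user=guest channel=admin
2022-01-12T10:00:12Z INFO token generated src_ip=203.0.113.7 user=guest channel=admin
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<level>\S+) (?P<event>token generated|permission denied|"
                    r"channel access) src_ip=(?P<src_ip>\S+) user=(?P<user>\S+) channel=(?P<channel>\S+)$")

def parse(log_text):
    """Yield one dict per line matching LOG_RE; lines in another format are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def is_allowed(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)

def find_suspicious(log_text, token_threshold=3):
    """Return (alerts, counts): alerts are (kind, src_ip, user) tuples; counts is
    events per (src_ip, user), the same grouping the SIEM query uses."""
    alerts, counts, tokens, denied = [], Counter(), Counter(), set()
    for ev in parse(log_text):
        key = (ev["src_ip"], ev["user"])
        counts[key] += 1
        if not is_allowed(ev["src_ip"]):  # channel access or token from an unexpected address
            alerts.append(("off-allowlist", *key))
        if ev["event"] == "permission denied":
            denied.add(key)
        elif ev["event"] == "token generated":
            tokens[key] += 1
            if key in denied:  # token minted after a refused request: escalation attempt
                alerts.append(("token-after-denial", *key))
    for key, n in tokens.items():
        if n >= token_threshold:  # unusual token-generation volume from one source
            alerts.append(("token-burst", *key))
    return alerts, counts
```

Run against the sample, the two in-network users produce no alerts while the external guest source is flagged on all three rules.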
