SB2021041512 - Multiple vulnerabilities in TIBCO Messaging - Eclipse Mosquitto Distribution

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2021-28825)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Windows Installation component. A local user can bypass implemented security restrictions and insert malicious software.

2) Improper access control (CVE-ID: CVE-2021-28826)

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the Windows Installation component. A local user can bypass implemented security restrictions and insert malicious software.

Remediation

Install update from vendor's website.

References

• http://www.tibco.com/services/support/advisories
• https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-14-2021-tibco-messaging-2021-28825
• https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-14-2021-tibco-messaging-2021-28826