Security Advisory Regarding TIBCO Managed File Transfer Platform Server

Article ID: KB0107978

Products: TIBCO Managed File Transfer Platform Server for UNIX
Versions: 8.1.0 and below

Description

TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability

  Original release date: March 30, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The components listed above contain a difficult-to-exploit Remote Code
  Execution (RCE) vulnerability that allows a low-privileged attacker with
  network access to execute arbitrary code on the affected system.


Impact

  Successful exploitation of this vulnerability can result in a low-privileged
  attacker gaining full user access to the affected system.

  CVSS v3 Base Score: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)

Environment

Products Affected

  TIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below
  TIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below

  The following components are affected:

  * cfsend
  * cfrecv
  * CyberResp

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and
    below: update to version 8.1.1 or later, or version 8.0.1 or later

  TIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and
    below: update to version 8.1.1 or later, or version 8.0.1 or later

Issue/Introduction

Security Advisory Regarding TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2022-22772