Security Advisory regarding TIBCO Managed File Transfer


Article ID: KB0108039


Products Versions
TIBCO Managed File Transfer Command Center 8.2.1 and below

Description

TIBCO Managed File Transfer reflected XSS vulnerability

  Original release date: June 30, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The components listed above contain a vulnerability that theoretically allows
  an attacker to craft a URL that will execute arbitrary commands on the
  affected system. If the attacker convinces an authenticated user with a
  currently active session to enter or click on the URL, the commands will be
  executed on the affected system.


Impact

  The impact of this vulnerability includes the possibility that an attacker can
  gain access to the session ID of the affected user's session and take any
  action the affected user has privilege to perform.

  CVSS v3 Base Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

Environment

Systems Affected

  TIBCO Managed File Transfer Command Center versions 8.2.1 and below
  TIBCO Managed File Transfer Internet Server versions 8.2.1 and below

  The following components are affected:

    * MFT Browser file transfer client
    * MFT Browser admin client

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Managed File Transfer Command Center versions 8.2.1 and below update
    to version 8.3.0 or higher

  TIBCO Managed File Transfer Internet Server versions 8.2.1 and below update
    to version 8.3.0 or higher
 

Issue/Introduction

TIBCO Managed File Transfer reflected XSS vulnerability

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2020-9413