Security Advisory for TIBCO Managed File Transfer Products

Article ID: KB0108118

Products and Versions
TIBCO Managed File Transfer Command Center: 8.0.0, 8.0.1

Description

 TIBCO Managed File Transfer privilege escalation vulnerabilities

  Original release date: October 17, 2017
  Last revised: --

Description

TIBCO Software Inc

Deployments of the affected systems that enable the Administrator Service
may be affected by a vulnerability that may allow any authenticated user to
gain administrative control of Managed File Transfer web applications.

Impact

  The impact of this vulnerability includes the theoretical escalation of
  privileges by any authenticated user to gain administrative control of
  Managed File Transfer web applications.

  CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)

Environment

Systems Affected

  TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1
  TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1

  The following components are affected:

  * Administrator Service

Resolution

 Deployments that enable the Administrator Service for the affected systems
  should remove the file management_activity_activeusers.jsp. This file can be
  found relative to the installation directory of the Managed File Transfer
  product(s):

  <install>/server/webapps/cfcc/view/cfcc/management_activity_activeusers.jsp
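
  One way to verify the resolution above on Unix-like hosts, as an added example that is not part of the original advisory or TIBCO's tooling. The function names and the `--remove` flag are hypothetical; the only value taken from the advisory is the JSP path relative to the install directory.

```sh
#!/bin/sh
# Added example, not TIBCO code. The relative path is the one given in the
# advisory; install directories are supplied by the operator.
ADVISORY_JSP='server/webapps/cfcc/view/cfcc/management_activity_activeusers.jsp'

# mft_jsp_state <install_dir>
# Prints and returns: absent (0), present (1), no-install (2).
# "no-install" means <install_dir>/server/webapps does not exist, so a missing
# JSP there proves nothing (wrong path, unmounted volume, typo).
mft_jsp_state() {
    if [ ! -d "$1/server/webapps" ]; then
        echo "no-install"; return 2
    fi
    # -L also catches a dangling symlink left at that name.
    if [ -e "$1/$ADVISORY_JSP" ] || [ -L "$1/$ADVISORY_JSP" ]; then
        echo "present"; return 1
    fi
    echo "absent"; return 0
}

# mft_audit [--remove] <install_dir>...
# Prints one "state<TAB>dir" line per directory. Returns 0 only if every
# directory is a recognisable install with the JSP absent (or just removed).
mft_audit() {
    remove=0
    if [ "$1" = "--remove" ]; then remove=1; shift; fi
    rc=0
    for dir in "$@"; do
        state=$(mft_jsp_state "$dir") || true
        if [ "$state" = "present" ] && [ "$remove" -eq 1 ]; then
            rm -f -- "$dir/$ADVISORY_JSP" || true
            # Re-check rather than trusting rm's exit status.
            state=$(mft_jsp_state "$dir") || true
            if [ "$state" = "absent" ]; then state="removed"; fi
        fi
        printf '%s\t%s\n' "$state" "$dir"
        case $state in
            absent|removed) ;;
            *) rc=1 ;;
        esac
    done
    return "$rc"
}

# Run as a script: sh check.sh [--remove] /opt/example/mft ...  (constructed path)
if [ "$#" -gt 0 ]; then mft_audit "$@"; fi
```

  A non-zero exit status means at least one directory still has the file or could not be recognised as an install, which makes the script usable as a compliance check across Command Center and Internet Server hosts.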

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE: CVE-2017-5531