TIBCO Managed File Transfer, TIBCO Vault, TIBCO Slingshot and the Poodle Vulnerability

Article ID: KB0108199

Products Versions
TIBCO Managed File Transfer Platform Server for UNIX -
TIBCO Managed File Transfer Platform Server for zOS -
TIBCO Managed File Transfer Platform Server for IBM i -

Description

The Poodle vulnerability (CVE-2014-3566) is addressed in the following releases:

  • TIBCO Managed File Transfer Internet Server 7.2.4 or later
  • TIBCO Managed File Transfer Command Center 7.2.4 or later
  • TIBCO Slingshot 1.9.3 or later
  • TIBCO Vault 1.1.1 or later

TIBCO Managed File Transfer Platform Servers v7.1.x and earlier are subject to this vulnerability only under the following circumstances:

  • TIBCO Managed File Transfer Platform Server is accepting transfers from unsecured locations
  • TIBCO Managed File Transfer Platform Server is running with SSL
  • The Client to Server connection is susceptible to man-in-the-middle attacks

To resolve this vulnerability, you can turn on FIPS mode for the following MFT components:

  • TIBCO Managed File Transfer Platform Server for Windows
  • TIBCO Managed File Transfer Platform Server for UNIX
  • TIBCO Managed File Transfer Platform Server for z/Linux
  • TIBCO Managed File Transfer Platform Server for zOS

When you turn on FIPS mode, all transfers require FIPS. If you need to connect to unsecured locations that are susceptible to man-in-the-middle attacks, it is therefore suggested that you use a dedicated server that communicates only with unsecured locations.

Note: FIPS is not supported on the following products:

  • TIBCO Managed File Transfer Platform Server for IBM i
  • TIBCO Managed File Transfer Platform Server Agent

Environment

  • TIBCO Managed File Transfer Command Center (Version: 7.2.4; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Internet Server (Version: 7.2.4; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Internet Server with RocketStream (Version: 7.2.4; OS: All Supported Operating Systems)
  • TIBCO Vault (Version: 1.1.1; OS: All Supported Operating Systems)
  • TIBCO Slingshot (Version: 1.9.3; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Platform Server for UNIX (Version: 7.1; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Platform Server for Windows (Version: 7.1.1; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Platform Server for z/OS (Version: 7.1; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Platform Server for IBM i (Version: 7.1; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Platform Server for zLinux (Version: 7.1; OS: All Supported Operating Systems)
  • TIBCO Managed File Transfer Platform Server Agent (Version: 7.1; OS: All Supported Operating Systems)