Security Advisory regarding TIBCO Managed File Transfer Platform Server for IBM i - CVE-2020-9412
Article ID: KB0108043
Updated On:
| Products | Versions |
|---|---|
| TIBCO Managed File Transfer Platform Server for IBM i | 7.1.0 and below, 8.0.0 |
Description
TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command
Execution
Original release date: June 9, 2020
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows
execution of arbitrary commands at the privilege level of the affected system
following a failed file transfer.
Impact
The impact of this vulnerability includes the possibility that an
unauthenticatedattacker could execute arbitrary commands on the system.
CVSS v3 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Environment
Systems Affected
TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
below
TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0
The following component is affected:
* file transfer
Resolution
Solution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
below update to version 7.1.1 or higher
TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update
to version 8.0.1 or higher
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
below update to version 7.1.1 or higher
TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update
to version 8.0.1 or higher
Issue/Introduction
Security Advisory regarding TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command
Additional Information
References
http://www.tibco.com/services/support/advisories
CVE-2020-9412
http://www.tibco.com/services/support/advisories
CVE-2020-9412
Feedback
Yes
No
Powered by
