Security Advisory regarding TIBCO Managed File Transfer Platform Server for IBM i - CVE-2020-9412


Article ID: KB0108043


Products: TIBCO Managed File Transfer Platform Server for IBM i
Versions: 7.1.0 and below, 8.0.0

Description

TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command
Execution

  Original release date: June 9, 2020
  Last revised: ---
  Source: TIBCO Software Inc.


Description

  The component listed above contains a vulnerability that theoretically allows
  execution of arbitrary commands at the privilege level of the affected system
  following a failed file transfer.

Impact

  The impact of this vulnerability includes the possibility that an
  unauthenticated attacker could execute arbitrary commands on the system.

  CVSS v3 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)


 

Environment

Systems Affected

  TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
    below
  TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0

  The following component is affected:

    * file transfer

Resolution

Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
    below update to version 7.1.1 or higher
  TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update
    to version 8.0.1 or higher


 

Issue/Introduction

Security Advisory regarding TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2020-9412