Security Advisory regarding TIBCO Managed File Transfer Platform Server for IBM i - CVE-2020-9412
book
Article ID: KB0108043
calendar_today
Updated On:
Products
Versions
TIBCO Managed File Transfer Platform Server for IBM i
7.1.0 and below, 8.0.0
Description
TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution
Original release date: June 9, 2020 Last revised: --- Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer.
Impact
The impact of this vulnerability includes the possibility that an unauthenticatedattacker could execute arbitrary commands on the system.
CVSS v3 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Environment
Systems Affected
TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
below
TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0
The following component is affected:
* file transfer
Resolution
Solution
TIBCO has released updated versions of the affected systems which address this issue:
TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below update to version 7.1.1 or higher TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update to version 8.0.1 or higher
Issue/Introduction
Security Advisory regarding TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command