Security Advisory regarding TIBCO Managed File Transfer

book

Article ID: KB0108089

calendar_today

Updated On:

Products	Versions
TIBCO Managed File Transfer Internet Server	7.3.2 and below, 8.0.0, 8.0.1, 8.0.2, 8.1.0

Description

Original release date: December 11, 2018
Last revised: --
Source: TIBCO Software Inc.

Description

The component listed above contains vulnerabilities where an authenticated
user with specific privileges can gain access to credentials to other
systems.

Impact

The impact of this vulnerability includes the theoretical possibility that
an authenticated user with specific kinds of privileges could view
credentials used to access other services, when they should not be able to
do so.

CVSS v3 Base Score: 6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

Issue/Introduction

Security Advisory regarding TIBCO Managed File Transfer Credentials Disclosure

Environment

Systems Affected TIBCO Managed File Transfer Command Center versions 7.3.2 and below TIBCO Managed File Transfer Command Center versions 8.0.0, 8.0.1 and 8.0.2 TIBCO Managed File Transfer Command Center versions 8.1.0 TIBCO Managed File Transfer Internet Server versions 7.3.2 and below TIBCO Managed File Transfer Internet Server versions 8.0.0, 8.0.1 and 8.0.2 TIBCO Managed File Transfer Internet Server versions 8.1.0 The following components are affected: * Administrator Service

Resolution

TIBCO has released updated versions of the affected components which address
these issues.

For each affected system, update to the corresponding software versions:
TIBCO Managed File Transfer Internet Server versions 7.3.2 and below
update to version 7.3.3 or higher
TIBCO Managed File Transfer Internet Server versions 8.0.0, 8.0.1 and 8.0.2
update to version 8.0.3 or higher
TIBCO Managed File Transfer Internet Server versions 8.1.0 update to
version 8.1.1 or higher

Additional Information

http://www.tibco.com/services/support/advisories

Feedback

thumb_up Yes

thumb_down No

Welcome to "KB Articles"