Security Advisory Regarding TIBCO Managed File Transfer Command Center

Article ID: KB0107977

Products: TIBCO Managed File Transfer Command Center
Versions: 8.3.1 and below, 8.4.0 and 8.4.1

Description

TIBCO Managed File Transfer Command Center XXE Vulnerability

  Original release date: May 10, 2022
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an easily exploitable vulnerability that
  allows an unauthenticated attacker with network access to execute XML External
  Entity (XXE) attacks on the affected system.

Impact

  Successful execution of this vulnerability can result in unauthorized update,
  insert or delete access to data on the affected system and associated
  resources.

  CVSS v3 Base Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N)

Issue/Introduction

Security Advisory Regarding TIBCO Managed File Transfer Command Center XXE Vulnerability

Environment

Products Affected

  TIBCO Managed File Transfer Command Center versions 8.3.1 and below
  TIBCO Managed File Transfer Command Center versions 8.4.0 and 8.4.1
  TIBCO Managed File Transfer Internet Server versions 8.3.1 and below
  TIBCO Managed File Transfer Internet Server versions 8.4.0 and 8.4.1

  The following components are affected:
  * DOM XML parser
  * SAX XML parser
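As an added example (not TIBCO's code or the vendor fix), the following Java shows how JAXP-based DOM and SAX parsers, the two component types the advisory lists, are configured to refuse DOCTYPE declarations and external entities, and checks that configuration against a constructed test document. The class name, the test document and the assumption that the affected parsers are JAXP-based are not from the advisory.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

public class XxeHardeningCheck {
    // Constructed test document (not from the advisory): a DOCTYPE declaring an
    // external entity that an unhardened parser would resolve into <data>.
    static final String TEST_DOC = "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE data [<!ENTITY ext SYSTEM \"file:///nonexistent/placeholder\">]>\n"
        + "<data>&ext;</data>";

    // Hardened DOM parser: with DTDs rejected outright, no entity declared in a
    // DOCTYPE is ever processed; the remaining features are defence in depth.
    static DocumentBuilder hardenedDomBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    static SAXParser hardenedSaxParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        return f.newSAXParser();
    }

    // Both parsers must throw on the DOCTYPE; an IllegalStateException means one did not.
    public static void main(String[] args) throws Exception {
        try {
            hardenedDomBuilder().parse(new InputSource(new StringReader(TEST_DOC)));
            throw new IllegalStateException("DOM parser accepted a DOCTYPE");
        } catch (SAXParseException expected) { /* refused, as required */ }
        try {
            hardenedSaxParser().parse(new InputSource(new StringReader(TEST_DOC)), new DefaultHandler());
            throw new IllegalStateException("SAX parser accepted a DOCTYPE");
        } catch (SAXParseException expected) { /* refused, as required */ }
        System.out.println("Both hardened parsers refused the DOCTYPE");
    }
}
```

Running the same check against the application's real parser factories, before and after applying the vendor update, confirms whether DOCTYPE processing is actually disabled rather than relying on the version number alone.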

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Managed File Transfer Command Center versions 8.3.1 and below update
    to version 8.3.2 or later

  TIBCO Managed File Transfer Command Center versions 8.4.0 and 8.4.1 update
    to version 8.4.2 or later

  TIBCO Managed File Transfer Internet Server versions 8.3.1 and below update
    to version 8.3.2 or later

  TIBCO Managed File Transfer Internet Server versions 8.4.0 and 8.4.1 update
    to version 8.4.2 or later

Acknowledgments

  TIBCO would like to extend its appreciation to Niv Levy for discovery of this
  vulnerability.

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2022-22774