Security Advisory Regarding TIBCO Managed File Transfer Platform Server for Unix and z/Linux

Article ID: KB0107926

Products Versions
TIBCO Managed File Transfer Platform Server for UNIX 8.0.0, 8.0.1, 8.1.0, 8.1.1

Description

TIBCO Managed File Transfer Platform Server for Unix and z/Linux misconfiguration leads to privilege escalation
Original release date: May 27, 2024
Last revised: ---
CVE-2024-4407
Source: TIBCO Software Inc.
 

Description

The components listed above contain a vulnerability that allows Platform Server clients to
bypass user-id/password authentication and transfer files as root or execute commands as root.

Impact
The impact of this vulnerability includes the theoretical possibility that Platform Server
clients bypass user-id/password authentication and transfer files as root or even execute
commands as root. For this issue to occur, the product configuration must deviate from the
suggested Platform Server configuration standards. This issue only occurs when the Platform
Server is started as root; when the Platform Server is started as non-root, files cannot be
transferred as root and commands cannot be executed as root.


CVSS v3 Base Score: 9.0 (Critical) CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Environment

Products Affected:
TIBCO Managed File Transfer Platform Server for Unix versions 8.0.0, 8.0.1, 8.1.0, 8.1.1
TIBCO Managed File Transfer Platform Server for z/Linux versions 8.0.0, 8.0.1, 8.1.0, 8.1.1

Component Affected: TIBCO Managed File Transfer Platform Server for Unix

Resolution

Upgrade the TIBCO Platform Server for UNIX to 8.0.2 or 8.1.2.
Upgrade the TIBCO Platform Server for z/Linux to 8.0.2 or 8.1.2.

Issue/Introduction

Security Advisory Regarding TIBCO Managed File Transfer Platform Server for Unix and z/Linux misconfiguration leads to privilege escalation

Additional Information

https://community.tibco.com/advisories/
CVE-2024-4407