Security Advisory regarding TIBCO Managed File Transfer


Article ID: KB0108038


Products Versions
TIBCO Managed File Transfer Command Center 8.2.1 and below

Description

TIBCO Managed File Transfer reflected XSS vulnerability

  Original release date: June 30, 2020
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that theoretically allows
  an authenticated user with specific permissions to obtain the session
  identifier of another user. The session identifier when replayed could provide
  administrative rights or file transfer permissions to the affected system.


Impact

  The impact of this vulnerability includes the possibility that an attacker
  could gain administrative control of the affected system.

  CVSS v3 Base Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Issue/Introduction

TIBCO Managed File Transfer reflected XSS vulnerability

Environment

Systems Affected

  TIBCO Managed File Transfer Command Center versions 8.2.1 and below
  TIBCO Managed File Transfer Internet Server versions 8.2.1 and below

  The following component is affected:

  * MFT admin service

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Managed File Transfer Command Center versions 8.2.1 and below update
    to version 8.3.0 or higher

  TIBCO Managed File Transfer Internet Server versions 8.2.1 and below update
    to version 8.3.0 or higher
 

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2020-9414