Lucene search

[email protected]CVE-2020-9411

HistoryJun 09, 2020 - 5:15 p.m.

CVE-2020-9411

2020-06-0917:15:10

[email protected]

web.nvd.nist.gov

tibco

mft

platform server

ibm i

file transfer

vulnerability

cve-2020-9411

unauthorized access

network security

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option ‘Require Node Resp’ is set to ‘No’. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Affected configurations

NVD

Node

tibcomanaged_file_transfer_platform_serverRange≤7.1.0

tibcomanaged_file_transfer_platform_serverMatch8.0.0

AND

ibmiMatch-

CPENameOperatorVersion
tibco:managed_file_transfer_platform_servertibco managed file transfer platform serverle7.1.0
tibco:managed_file_transfer_platform_servertibco managed file transfer platform servereq8.0.0

CPE	Name	Operator	Version
tibco:managed_file_transfer_platform_server	tibco managed file transfer platform server	le	7.1.0
tibco:managed_file_transfer_platform_server	tibco managed file transfer platform server	eq	8.0.0

CNA Affected

[
  {
    "product": "TIBCO Managed File Transfer Platform Server for IBM i",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "8.0.0"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CVE-2020-9411

prion1 tibco2 cvelist1 nvd1