Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTibcoCVE-2020-9413
HistoryJun 30, 2020 - 8:15 p.m.

CVE-2020-9413

2020-06-3020:15:13
CWE-79
tibco
web.nvd.nist.gov
26
cve-2020-9413
tibco
mft browser
file transfer client
admin client
vulnerability
arbitrary command execution
security
nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Affected configurations

Nvd
Node
tibcomanaged_file_transfer_command_centerRange<8.2.1
OR
tibcomanaged_file_transfer_internet_serverRange<8.2.1
VendorProductVersionCPE
tibcomanaged_file_transfer_command_center*cpe:2.3:a:tibco:managed_file_transfer_command_center:*:*:*:*:*:*:*:*
tibcomanaged_file_transfer_internet_server*cpe:2.3:a:tibco:managed_file_transfer_internet_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "TIBCO Managed File Transfer Command Center",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Managed File Transfer Internet Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

tibco 2
nvd 1
prion 1
cvelist 1
tibco
tibco
TIBCO Security Advisory: June 30, 2020 - TIBCO Managed File Transfer -2020-9413
2020-06-24 18:25:08
TIBCO Security Advisory: June 30, 2020 - TIBCO Managed File Transfer -2020-9413
2020-06-24 18:25:08
nvd
nvd
CVE-2020-9413
2020-06-30 20:15:13
prion
prion
Design/Logic Flaw
2020-06-30 20:15:00
cvelist
cvelist
CVE-2020-9413 TIBCO Managed File Transfer reflected XSS vulerability
2020-06-30 19:40:14

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

64.8%

JSON
Related for CVE-2020-9413
tibco2nvd1prion1cvelist1