Lucene search

[email protected]CVE-2020-9414

HistoryJun 30, 2020 - 8:15 p.m.

CVE-2020-9414

2020-06-3020:15:13

CWE-79

[email protected]

web.nvd.nist.gov

tibco

software

inc.

managed file transfer

command center

internet server

cve-2020-9414

vulnerability

session identifier

theft

nvd

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Affected configurations

NVD

Node

tibcomanaged_file_transfer_command_centerRange<8.2.1

tibcomanaged_file_transfer_internet_serverRange<8.2.1

CPENameOperatorVersion
tibco:managed_file_transfer_command_centertibco managed file transfer command centerlt8.2.1
tibco:managed_file_transfer_internet_servertibco managed file transfer internet serverlt8.2.1

CPE	Name	Operator	Version
tibco:managed_file_transfer_command_center	tibco managed file transfer command center	lt	8.2.1
tibco:managed_file_transfer_internet_server	tibco managed file transfer internet server	lt	8.2.1

CNA Affected

[
  {
    "product": "TIBCO Managed File Transfer Command Center",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Managed File Transfer Internet Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Related for CVE-2020-9414

cvelist1 tibco2 nvd1 prion1