SolarWinds Serv-U FTP Server 授权问题漏洞

SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from the U.S. company SolarWinds. SolarWinds Serv-U FTP Server suffers from an authorization issue vulnerability that stems from the deployment of a common encryption key across all of its instances resulting in an...

Vulnerabilities fixed in Oracle Fusion Middleware

Oracle has fixed vulnerabilities in the following Fusion Middleware products: BI Publisher Business Intelligence Enterprise Edition Coherence Global Lifecycle Management NextGen OUI Framework HTTP Server Managed File Transfer Middleware Common Libraries and Tools Security Service SOA Suite...

Xxe

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerabili...

TIBCO Security Advisory: May 10, 2022 - TIBCO Managed File TransferCommand Center -CVE-2022-22774

TIBCO Managed File Transfer Command Center XXE Vulnerability Original release date: May 10, 2022 Lastrevised: --- CVE-2022-22774 Source: TIBCOSoftware Inc. Products Affected TIBCO Managed File Transfer Command Center versions 8.3.1 and below TIBCO Managed File Transfer Command Center versions 8.4...

CVE-2022-22772

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution RCE vulnerability that allows a low privileged attacker with...

Remote code execution

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution RCE vulnerability that allows a low privileged attacker with...

CVE-2022-22772 TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution RCE vulnerability that allows a low privileged attacker with...

TIBCO Security Advisory: March 30, 2022 - TIBCO Managed File Transfer Platform Server -2022-22772

TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability Original release date: March 30,2022 Last revised: --- CVE-2022-22772 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below TIBCO Managed File...

TIBCO Security Advisory: March 30, 2022 - TIBCO Managed File Transfer Platform Server -2022-22772

TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability Original release date: March 30,2022 Last revised: --- CVE-2022-22772 Source: TIBCO Software Inc. Products Affected TIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below TIBCO Managed File...

CVE-2021-35211

Microsoft discovered a remote code execution RCE vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U...

CVE-2021-35211

CVE-2021-35211 affects SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP for Windows prior to 15.2.3 HF2. The connected PoC exploit documents an out-of-bounds write path leading to remote code execution, with targets around Serv-U version 15.2.3 (examples cite 15.2.3.717). Exploitatio...

Threat Actors are actively exploiting a SolarWinds Zero-Day Vulnerability

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A zero-day vulnerability CVE-2021-35211 that impacts the Serv-U Managed File Transfer and Serv-U Secure FTP, is been exploited by multiple threat actors. The PoC of this exploited vulnerability was given to SolarWinds by...

CVE-2021-35211

Microsoft discovered a remote code execution RCE vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarWinds Serv-U Managed File Transfer and Serv-U...

SolarWinds Serv-U FTP and Managed File Transfer CVE-2021-35211: What You Need to Know

On July 12, 2021, SolarWinds confirmed an actively exploited zero-day vulnerability, CVE-2021-35211, in the Serv-U FTP and Managed File Transfer component of SolarWinds15.2.3 HF1 released May 5, 2021 and all prior versions. Successful exploitation of CVE-2021-35211 could enable an attacker to gai...

Oracle Business Process Management Suite (Jan 2021 CPU)

The version of Oracle Business Process Management Suite installed on the remote host is affected by the following vulnerabilities as referenced in the January 2021 CPU advisory: - An XML External Entity XXE vulnerability exists in the dom4j library which allows DTDs and external entities by...

IBM WebSphere MQ 8.0.0.x < 8.0.0.7 / 9.0.0.x < 9.0.0.2 / 9.0.x < 9.0.4 Multiple Vulnerabilities

According to its self-reported version, the IBM WebSphere MQ server installed on the remote Windows host is version 8.0.0.x prior to 8.0.0.7, 9.0.x prior to 9.0.4 or 9.0.0.x prior to 9.0.0.2. It is, therefore, affected by multiple vulnerabilities: - A denial of service vulnerability. An...

TIBCO Software Managed File Transfer Command Center and Internet Server Cross-Site Scripting Vulnerability

TIBCO Software Managed File Transfer Command Center and TIBCO Software Managed File Transfer Internet Server are both products of TIBCO Software, Inc.TIBCO Software Managed File Transfer Command Center is an enterprise file transfer management solution. TIBCO Software Managed File Transfer Comman...

TIBCO Software Managed File Transfer Command Center and Internet Server Cross-Site Scripting Vulnerability (CNVD-2021-39542)

TIBCO Software Managed File Transfer Command Center and TIBCO Software Managed File Transfer Internet Server are both products of TIBCO Software, Inc.TIBCO Software Managed File Transfer Command Center is an enterprise file transfer management solution. TIBCO Software Managed File Transfer Comman...

CVE-2020-9413

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrar...

Design/Logic Flaw

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user...