TIBCO Managed File Transfer Platform Server code execution | CVE-2022-22772
NAME
TIBCO Managed File Transfer Platform Server code execution
- Platforms Affected:
TIBCO Managed File Transfer Platform Server for UNIX 8.1.0
TIBCO Managed File Transfer Platform Server for for z/Linux 8.1.0 - Risk Level:
8.5 - Exploitability:
Unproven - Consequences:
Gain Access
DESCRIPTION
TIBCO Managed File Transfer Platform Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by flaws in the cfsend, cfrecv, and CyberResp components. By inserting malicious software, an attacker could exploit this vulnerability to execute arbitrary code on the affected system.
CVSS 3.0 Information
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: High
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Remediation Level: Official Fix
MITIGATION
Refer toTIBCO Security Advisory: March 30, 2022 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772 - Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22772
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.
