TIBCO Managed File Transfer products XML external entity | CVE-2022-22774
NAME
TIBCO Managed File Transfer products XML external entity
- Platforms Affected:
TIBCO Managed File Transfer Command Center 8.3.1
TIBCO Managed File Transfer Command Center 8.4.0
TIBCO Managed File Transfer Command Center 8.4.1
- Risk Level:
8.6
- Exploitability:
Unproven
- Consequences:
Gain Access
DESCRIPTION
TIBCO Managed File Transfer products are vulnerable to an XML external entity (XXE) injection attack when processing XML data, caused by weakly configured DOM and SAX XML parsers. By supplying specially crafted XML content in the configuration file, a remote attacker could exploit this vulnerability to read arbitrary files, cause a denial of service, conduct an SSRF attack, or achieve other system impacts.
CVSS 3.0 Information
- Privileges Required: None
- User Interaction: None
- Scope: Changed
- Access Vector: Network
- Access Complexity: Low
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
- Remediation Level: Official Fix
MITIGATION
Refer to TIBCO Security Advisory: May 10, 2022 for patch, upgrade or suggested workaround information. See References.
- Reference Link:
https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-10-2022-tibco-mftcc-2022-22774
- Reference Link:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22774