Session Fixation Vulnerability in TIBCO Managed File Transfer Products
CVE-2011-3424

Currently unrated

Key Information:

Vendor: Tibco
Status: Managed File Transfer Command Center; Managed File Transfer Internet Server; Slingshot
Vendor: CVE Published:; 19 September 2011

Summary

A session fixation vulnerability exists in TIBCO Managed File Transfer products, enabling remote attackers to hijack web sessions through various unspecified methods. This flaw affects users' authentication process, allowing malicious actors to assume control of active sessions without the need for re-authentication. Products impacted include TIBCO Managed File Transfer Internet Server, TIBCO Managed File Transfer Command Center, and TIBCO Slingshot. It is essential for organizations using these products to implement appropriate security measures to mitigate the risk of unauthorized access.

References

http://secunia.com/advisories/45976

third-party-advisoryx_refsource_SECUNIA

http://www.tibco.com/services/support/advisories/mft-slin...

x_refsource_CONFIRM

http://www.tibco.com/multimedia/mft-slingshot_advisory_20...

x_refsource_CONFIRM

Timeline

Vulnerability published
Sep 19, 2011
Vulnerability Reserved
Sep 12, 2011