TIBCO Managed File Transfer Platform Server for IBM i Authentication Bypass
CVE-2020-9411

10CRITICAL

Key Information:

Vendor: Tibco
Status: Tibco Managed File Transfer Platform Server For IBM I
Vendor: CVE Published:; 9 June 2020

Summary

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Affected Version(s)

TIBCO Managed File Transfer Platform Server for IBM i <= 7.1.0

TIBCO Managed File Transfer Platform Server for IBM i 8.0.0

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2020/06/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2020
Vulnerability Reserved
Feb 26, 2020