Search
Find a vulnerability
Search criteria
2 vulnerabilities found for TIBCO Managed File Transfer Platform Server for UNIX by TIBCO Software Inc.
CVE-2022-22772 (GCVE-0-2022-22772)
Vulnerability from nvd – Published: 2022-03-30 16:40 – Updated: 2024-09-16 21:08
VLAI
Title
TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
Summary
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Severity
8.5 (High)
CWE
- Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2022/03/… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Managed File Transfer Platform Server for UNIX |
Affected:
unspecified , ≤ 8.1.0
(custom)
|
|
| TIBCO Software Inc. | TIBCO Managed File Transfer Platform Server for z/Linux |
Affected:
unspecified , ≤ 8.1.0
(custom)
|
Date Public
2022-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Managed File Transfer Platform Server for UNIX",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Managed File Transfer Platform Server for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T17:06:13.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later"
}
],
"source": {
"discovery": "Toronto-Dominion Bank"
},
"title": "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-03-30T17:00:00Z",
"ID": "CVE-2022-22772",
"STATE": "PUBLIC",
"TITLE": "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Managed File Transfer Platform Server for UNIX",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.1.0"
}
]
}
},
{
"product_name": "TIBCO Managed File Transfer Platform Server for z/Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later"
}
],
"source": {
"discovery": "Toronto-Dominion Bank"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22772",
"datePublished": "2022-03-30T16:40:10.158Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:08:01.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22772 (GCVE-0-2022-22772)
Vulnerability from cvelistv5 – Published: 2022-03-30 16:40 – Updated: 2024-09-16 21:08
VLAI
Title
TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
Summary
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Severity
8.5 (High)
CWE
- Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.tibco.com/services/support/advisories | x_refsource_CONFIRM |
| https://www.tibco.com/support/advisories/2022/03/… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Managed File Transfer Platform Server for UNIX |
Affected:
unspecified , ≤ 8.1.0
(custom)
|
|
| TIBCO Software Inc. | TIBCO Managed File Transfer Platform Server for z/Linux |
Affected:
unspecified , ≤ 8.1.0
(custom)
|
Date Public
2022-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:21:49.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Managed File Transfer Platform Server for UNIX",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Managed File Transfer Platform Server for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-30T17:06:13.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later"
}
],
"source": {
"discovery": "Toronto-Dominion Bank"
},
"title": "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2022-03-30T17:00:00Z",
"ID": "CVE-2022-22772",
"STATE": "PUBLIC",
"TITLE": "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Managed File Transfer Platform Server for UNIX",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.1.0"
}
]
}
},
{
"product_name": "TIBCO Managed File Transfer Platform Server for z/Linux",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "8.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later"
}
],
"source": {
"discovery": "Toronto-Dominion Bank"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-22772",
"datePublished": "2022-03-30T16:40:10.158Z",
"dateReserved": "2022-01-07T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:08:01.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}