fkie_cve-2020-9411
Vulnerability from fkie_nvd
Published
2020-06-09 17:15
Modified
2024-11-21 05:40
Severity ?
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.
References
security@tibco.comhttps://www.tibco.com/services/support/advisoriesVendor Advisory
security@tibco.comhttps://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/services/support/advisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411Vendor Advisory
Impacted products
Vendor Product Version
tibco managed_file_transfer_platform_server *
tibco managed_file_transfer_platform_server 8.0.0
ibm i -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "617EEC7D-981D-4C0B-83A8-9AACFB00D02E",
              "versionEndIncluding": "7.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E0C0ED-585F-47EC-82EA-2D66E4CAC48A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The file transfer component of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option \u0027Require Node Resp\u0027 is set to \u0027No\u0027. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."
    },
    {
      "lang": "es",
      "value": "El componente file transfer de TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc, contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante llevar a cabo transferencias de archivos de red no autorizadas hacia y desde el sistema de archivos accesible al componente afectado. Esta vulnerabilidad es explotable cuando la opci\u00f3n de configuraci\u00f3n \"Require Node Resp\" est\u00e1 establecida en \"No\". En el caso de una explotaci\u00f3n con \u00e9xito, el atacante podr\u00eda leer y escribir te\u00f3ricamente cualquier archivo en el sistema de archivos accesible para el componente afectado, afectando as\u00ed completamente la confidencialidad, integridad y disponibilidad del sistema operativo que aloja la implementaci\u00f3n del sistema afectado. Las versiones afectadas son TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc: versiones 7.1.0 y posteriores, versi\u00f3n 8.0.0"
    }
  ],
  "id": "CVE-2020-9411",
  "lastModified": "2024-11-21T05:40:35.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "security@tibco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-09T17:15:10.973",
  "references": [
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/services/support/advisories"
    },
    {
      "source": "security@tibco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/services/support/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411"
    }
  ],
  "sourceIdentifier": "security@tibco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.