cve-2020-9412
Vulnerability from cvelistv5
Published
2020-06-09 17:00
Modified
2024-09-17 00:35
Severity ?
EPSS score ?
Summary
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | TIBCO Software Inc. | TIBCO Managed File Transfer Platform Server for IBM i |
Version: unspecified < Version: 8.0.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.380Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Managed File Transfer Platform Server for IBM i",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "8.0.0"
}
]
}
],
"datePublic": "2020-06-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The file transfer component of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility that an unauthenticated attacker could execute arbitrary commands on the system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-09T17:06:08",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below update to version 7.1.1 or higher\nTIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update to version 8.0.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-06-09T17:00:00Z",
"ID": "CVE-2020-9412",
"STATE": "PUBLIC",
"TITLE": "TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Managed File Transfer Platform Server for IBM i",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.1.0"
},
{
"version_affected": "=",
"version_value": "8.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The file transfer component of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility that an unauthenticated attacker could execute arbitrary commands on the system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below update to version 7.1.1 or higher\nTIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update to version 8.0.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9412",
"datePublished": "2020-06-09T17:00:21.287841Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-17T00:35:28.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2020-9412\",\"sourceIdentifier\":\"security@tibco.com\",\"published\":\"2020-06-09T17:15:11.080\",\"lastModified\":\"2024-11-21T05:40:35.433\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The file transfer component of TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.\u0027s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.\"},{\"lang\":\"es\",\"value\":\"El componente file transfer de TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc, contiene una vulnerabilidad que te\u00f3ricamente permite una ejecuci\u00f3n de comandos arbitraria en el nivel de privilegio del sistema afectado despu\u00e9s de una transferencia de archivos fallida. Las versiones afectadas son TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc: versiones 7.1.0 y posteriores, versi\u00f3n 8.0.0\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@tibco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:managed_file_transfer_platform_server:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.1.0\",\"matchCriteriaId\":\"617EEC7D-981D-4C0B-83A8-9AACFB00D02E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4E0C0ED-585F-47EC-82EA-2D66E4CAC48A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C684FC45-C9BA-4EF0-BD06-BB289450DD21\"}]}]}],\"references\":[{\"url\":\"https://www.tibco.com/services/support/advisories\",\"source\":\"security@tibco.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412\",\"source\":\"security@tibco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/services/support/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.