CVSS: 9.1 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2022-22774 – TIBCO Managed File Transfer Command Center XXE Vulnerability
https://notcve.org/view.php?id=CVE-2022-22774
10 May 2022 — The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Cen... • https://www.tibco.com/services/support/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.0 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2020-9414 – TIBCO Managed File Transfer reflected XSS vulnerability
https://notcve.org/view.php?id=CVE-2020-9414
30 Jun 2020 — The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: v... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6 • EPSS: 0% • CPEs: 2 • EXPL: 0
CVE-2020-9413 – TIBCO Managed File Transfer reflected XSS vulnerability
https://notcve.org/view.php?id=CVE-2020-9413
30 Jun 2020 — The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft a URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL, the commands will be executed on the affected system. Affected releases... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9 • EPSS: 0% • CPEs: 6 • EXPL: 0
CVE-2018-18810 – TIBCO Managed File Transfer Credentials Disclosure
https://notcve.org/view.php?id=CVE-2018-18810
11 Dec 2018 — The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.... • http://www.tibco.com/services/support/advisories •
CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2017-5531
https://notcve.org/view.php?id=CVE-2017-5531
17 Oct 2017 — Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications. • http://www.securityfocus.com/bid/101545 •
CVSS: 6.5 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2015-5711
https://notcve.org/view.php?id=CVE-2015-5711
29 Sep 2015 — TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. • http://www.securitytracker.com/id/1033678 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1 • EPSS: 0% • CPEs: 4 • EXPL: 0
CVE-2014-7194
https://notcve.org/view.php?id=CVE-2014-7194
21 Nov 2014 — TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access. • http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5 • EPSS: 0% • CPEs: 17 • EXPL: 0
CVE-2014-2545
https://notcve.org/view.php?id=CVE-2014-2545
30 Apr 2014 — TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request. • http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2011-3423
https://notcve.org/view.php?id=CVE-2011-3423
17 Sep 2011 — Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://secunia.com/advisories/45976 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8 • EPSS: 0% • CPEs: 9 • EXPL: 0
CVE-2011-3424
https://notcve.org/view.php?id=CVE-2011-3424
17 Sep 2011 — Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors. • http://secunia.com/advisories/45976 •
