CVE-2022-22774 – TIBCO Managed File Transfer Command Center XXE Vulnerability
https://notcve.org/view.php?id=CVE-2022-22774
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1. Los componentes DOM XML parser y SAX XML parser de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-10-2022-tibco-mftcc-2022-22774 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-9414 – TIBCO Managed File Transfer reflected XSS vulerability
https://notcve.org/view.php?id=CVE-2020-9414
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-9413 – TIBCO Managed File Transfer reflected XSS vulerability
https://notcve.org/view.php?id=CVE-2020-9413
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18810 – TIBCO Managed File Transfer Credentials Disclosure
https://notcve.org/view.php?id=CVE-2018-18810
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. El componente Administrator Service de TIBCO Managed File Transfer Command Center y TIBCO Managed File Transfer Internet Server, de TIBCO Software Inc., contiene vulnerabilidades por las que un usuario autenticado con privilegios específicos puede obtener acceso a las credenciales de otros sistemas. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/12/tibco-security-advisory-december-11-2018-tibco-managed-file-transfer •
CVE-2017-5531
https://notcve.org/view.php?id=CVE-2017-5531
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications. Despliegues de TIBCO Managed File Transfer Command Center en versiones 8.0.0 y 8.0.1 y TIBCO Managed File Transfer Internet Server en versiones 8.0.0 y 8.0.1 que habilitan el servicio administrador se pueden ver afectados por una vulnerabilidad que puede permitir a cualquier usuario autenticado obtener control administrativo de las aplicaciones web Managed File Transfer. • http://www.securityfocus.com/bid/101545 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer •