CVE-2022-22774 – TIBCO Managed File Transfer Command Center XXE Vulnerability
https://notcve.org/view.php?id=CVE-2022-22774
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1. Los componentes DOM XML parser y SAX XML parser de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-10-2022-tibco-mftcc-2022-22774 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2020-9414 – TIBCO Managed File Transfer reflected XSS vulerability
https://notcve.org/view.php?id=CVE-2020-9414
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-9413 – TIBCO Managed File Transfer reflected XSS vulerability
https://notcve.org/view.php?id=CVE-2020-9413
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2018-18810 – TIBCO Managed File Transfer Credentials Disclosure
https://notcve.org/view.php?id=CVE-2018-18810
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. El componente Administrator Service de TIBCO Managed File Transfer Command Center y TIBCO Managed File Transfer Internet Server, de TIBCO Software Inc., contiene vulnerabilidades por las que un usuario autenticado con privilegios específicos puede obtener acceso a las credenciales de otros sistemas. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/12/tibco-security-advisory-december-11-2018-tibco-managed-file-transfer •
CVE-2015-5711
https://notcve.org/view.php?id=CVE-2015-5711
TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request. Vulnerabilidad en TIBCO Managed File Transfer Internet Server en versiones anteriores a 7.2.5, Managed File Transfer Command Center en versiones anteriores a 7.2.5, Slingshot en versiones anteriores a 1.9.4 y Vault en versiones anteriores a 2.0.1, permite a usuarios remotos autenticados obtener información sensible a través de una petición HTTP manipulada. • http://www.securitytracker.com/id/1033678 http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •