CVE-2022-22772 – TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. Los componentes cfsend, cfrecv y CyberResp de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772 •
CVE-2020-9412 – TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2020-9412
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0. El componente file transfer de TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite una ejecución de comandos arbitraria en el nivel de privilegio del sistema afectado después de una transferencia de archivos fallida. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412 •
CVE-2020-9411 – TIBCO Managed File Transfer Platform Server for IBM i Authentication Bypass
https://notcve.org/view.php?id=CVE-2020-9411
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411 •