CVE-2020-9412 - OpenCVE

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Tibco	Managed File Transfer Platform Server
Ibm	I

Configuration 1 [-]

AND

OR	cpe:2.3:a:tibco:managed_file_transfer_platform_server::::::::
	cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:::::::*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.tibco.com/services/support/advisories	Mailing List Vendor Advisory
https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: tibco

Published: 2020-06-09T00:00:00

Updated: 2020-06-09T17:06:08

Reserved: 2020-02-26T00:00:00

Link: CVE-2020-9412

JSON object: View

NVD Information

Status : Modified

Published: 2020-06-09T17:15:11.080

Modified: 2023-11-07T03:26:52.717

Link: CVE-2020-9412

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "TIBCO Managed File Transfer Platform Server for IBM i", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "8.0.0"}]}], "datePublic": "2020-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the possibility that an unauthenticated attacker could execute arbitrary commands on the system.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-09T17:06:08", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below update to version 7.1.1 or higher\nTIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update to version 8.0.1 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2020-06-09T17:00:00Z", "ID": "CVE-2020-9412", "STATE": "PUBLIC", "TITLE": "TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Managed File Transfer Platform Server for IBM i", "version": {"version_data": [{"version_affected": "<=", "version_value": "7.1.0"}, {"version_affected": "=", "version_value": "8.0.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the possibility that an unauthenticated attacker could execute arbitrary commands on the system."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below update to version 7.1.1 or higher\nTIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update to version 8.0.1 or higher"}], "source": {"discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2020-9412", "datePublished": "2020-06-09T00:00:00", "dateReserved": "2020-02-26T00:00:00", "dateUpdated": "2020-06-09T17:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "617EEC7D-981D-4C0B-83A8-9AACFB00D02E", "versionEndIncluding": "7.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C4E0C0ED-585F-47EC-82EA-2D66E4CAC48A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."}, {"lang": "es", "value": "El componente file transfer de TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc, contiene una vulnerabilidad que te\u00f3ricamente permite una ejecuci\u00f3n de comandos arbitraria en el nivel de privilegio del sistema afectado despu\u00e9s de una transferencia de archivos fallida. Las versiones afectadas son TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc: versiones 7.1.0 y posteriores, versi\u00f3n 8.0.0"}], "id": "CVE-2020-9412", "lastModified": "2023-11-07T03:26:52.717", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2020-06-09T17:15:11.080", "references": [{"source": "security@tibco.com", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}