CVE-2022-22772
TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
In short
A vulnerability in TIBCO Managed File Transfer Platform Server allows an attacker with network access and low privileges to run malicious code on the system. This affects versions 8.1.0 and below on UNIX and z/Linux platforms.
Technical detail
The cfsend, cfrecv, and CyberResp components contain an RCE vulnerability exploitable by a low-privileged network-authenticated attacker. The attack is difficult to execute but results in arbitrary code execution with the privileges of the affected service. Affected versions: TIBCO MFT Platform Server for UNIX and z/Linux up to 8.1.0.
Summary generated and translated by AI from the official description.
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
TIBCO Software Inc. · TIBCO Managed File Transfer Platform Server for UNIXTIBCO Software Inc. · TIBCO Managed File Transfer Platform Server for z/LinuxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →