Overview
- Description
- The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.
- Source
- security@tibco.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:managed_file_transfer_command_center:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE39BD76-859E-4CFC-97CD-7505BF0B7BFC",
"versionEndExcluding": "8.2.1"
},
{
"criteria": "cpe:2.3:a:tibco:managed_file_transfer_internet_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E380AF76-D71F-4D37-B0A9-BA4EC96F7D06",
"versionEndExcluding": "8.2.1"
}
],
"operator": "OR"
}
]
}
]