CVE-2020-9411

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

CVSS v3 10.0 CRITICAL
CVSS v2.0 9.3 HIGH

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.tibco.com/services/support/advisories	Vendor Advisory
https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411	Vendor Advisory
https://www.tibco.com/services/support/advisories	Vendor Advisory
https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:tibco:managed_file_transfer_platform_server::::::::
	cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:::::::*

cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:40

Type	Values Removed	Values Added
References	~~() https://www.tibco.com/services/support/advisories - Vendor Advisory~~	() https://www.tibco.com/services/support/advisories - Vendor Advisory
References	~~() https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411 - Vendor Advisory~~	() https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411 - Vendor Advisory
CVSS	v2 : ~~9.3~~ v3 : ~~9.8~~	v2 : 9.3 v3 : 10.0

Information

Published : 2020-06-09 17:15

Updated : 2024-11-21 05:40

NVD link : CVE-2020-9411

Mitre link : CVE-2020-9411

CVE.ORG link : CVE-2020-9411

JSON object : View

Products Affected

tibco

managed_file_transfer_platform_server

ibm

CWE

NVD-CWE-noinfo

{"id": "CVE-2020-9411", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-06-09T17:15:10.973", "references": [{"url": "https://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9411", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. This vulnerability is exploitable when the configuration option 'Require Node Resp' is set to 'No'. In the event of a successful exploit, the attacker could theoretically read and write any file on the file system accessible to the affected component, thus fully affecting the confidentiality, integrity, and availability of the operating system hosting the deployment of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0."}, {"lang": "es", "value": "El componente file transfer de TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc, contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante llevar a cabo transferencias de archivos de red no autorizadas hacia y desde el sistema de archivos accesible al componente afectado. Esta vulnerabilidad es explotable cuando la opci\u00f3n de configuraci\u00f3n \"Require Node Resp\" est\u00e1 establecida en \"No\". En el caso de una explotaci\u00f3n con \u00e9xito, el atacante podr\u00eda leer y escribir te\u00f3ricamente cualquier archivo en el sistema de archivos accesible para el componente afectado, afectando as\u00ed completamente la confidencialidad, integridad y disponibilidad del sistema operativo que aloja la implementaci\u00f3n del sistema afectado. Las versiones afectadas son TIBCO Managed File Transfer Platform Server para IBM i de TIBCO Software Inc: versiones 7.1.0 y posteriores, versi\u00f3n 8.0.0"}], "lastModified": "2024-11-21T05:40:35.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "617EEC7D-981D-4C0B-83A8-9AACFB00D02E", "versionEndIncluding": "7.1.0"}, {"criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4E0C0ED-585F-47EC-82EA-2D66E4CAC48A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:ibm:i:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C684FC45-C9BA-4EF0-BD06-BB289450DD21"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@tibco.com"}

10.0 /10