CVE-2017-5531
high
CVSS v3
8.8
CVSS v2
6.5
VIR risk
8.8
Description
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@tibco.com — https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer
Vendor advisory: security@tibco.com — http://www.tibco.com/services/support/advisories
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| tibco | managed_file_transfer_command_center | 8.0.0 | |
| tibco | managed_file_transfer_command_center | 8.0.1 | |
| tibco | managed_file_transfer_internet_server | 8.0.0 | |
| tibco | managed_file_transfer_internet_server | 8.0.1 | |
References
- http://www.securityfocus.com/bid/101545
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer
- http://www.securityfocus.com/bid/101545
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer
Verify integrity in audit chain (admin only). AS-IS.