TIBCO Managed File Transfer vulnerabilities

2014.11.22
Credit: TIBCO
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


Ogólna skala CVSS: 6.4/10
Znaczenie: 4.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Częściowy
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

TIBCO Managed File Transfer vulnerabilities Original release date: October 29, 2014 Last revised: -- Source: TIBCO Software Inc. Systems Affected TIBCO Managed File Transfer Internet Server 7.2.3 and earlier TIBCO Managed File Transfer Command Center 7.2.3 and earlier TIBCO Slingshot 1.9.2 and earlier TIBCO Vault 1.1.0 The following components are affected: * TIBCO Managed File Transfer engine * TIBCO Slingshot server * TIBCO Vault server Description The TIBCO Managed File Transfer components listed above contain a critical vulnerability that may allow an agent to gain privileges and assume an identity. TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below. Impact The impact of these vulnerabilities may include information disclosure or information modification Solution For each affected system, update to the corresponding software versions: TIBCO Managed File Transfer Internet Server 7.2.4 or later TIBCO Managed File Transfer Command Center 7.2.4 or later TIBCO Slingshot 1.9.3 or later TIBCO Vault 1.1.1 or later References http://www.tibco.com/mk/advisory.jsp CVE: CVE-2014-7194

Referencje:

http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/assets/blt7454ec3ae638d8c4/mft-advisory-20141029-008.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top