TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command
Execution

  Original release date: June 9, 2020
  Last revised: ---
  Source: TIBCO Software Inc.


Systems Affected

  TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
    below
  TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0

  The following component is affected:

    * file transfer


Description

  The component listed above contains a vulnerability that theoretically allows
  execution of arbitrary commands at the privilege level of the affected system
  following a failed file transfer.


Impact

  The impact of this vulnerability includes the possibility that an
  unauthenticated attacker could execute arbitrary commands on the system.

  CVSS v3 Base Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)


Solution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and
    below update to version 7.1.1 or higher
  TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0 update
    to version 8.0.1 or higher


References

  http://www.tibco.com/services/support/advisories
  CVE-2020-9412