TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: April 29, 2014 - TIBCO® Managed File Transfer
TIBCO® Managed File Transfer vulnerabilities
Original release date: April 29, 2014
Last revised: --
Source: TIBCO Software Inc.
The TIBCO Managed File Transfer components listed above contain a critical vulnerability in the handling of HTTP requests which may result in information disclosure.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
- TIBCO Managed File Transfer Internet Server 7.2.1 and earlier
- TIBCO Managed File Transfer Command Center 7.2.1 and earlier
- TIBCO Slingshot 1.9.0 and earlier
- TIBCO Vault 1.0.0
The following components are affected:
- TIBCO Managed File Transfer engine
- TIBCO Slingshot server
- TIBCO Vault server
The impact of this vulnerability is information disclosure.
For each affected system, update to the corresponding software versions:
- TIBCO Managed File Transfer Internet Server 7.2.2 or higher
- TIBCO Managed File Transfer Command Center 7.2.2 or higher
- TIBCO Slingshot 1.9.1 or higher
- TIBCO Vault 1.0.1 or higher