TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: October 29, 2014 - TIBCO® Managed File Transfer
TIBCO® Managed File Transfer vulnerabilities
Original release date: October 29, 2014
Last revised: --
Source: TIBCO Software Inc.
The TIBCO Managed File Transfer components listed above contain a critical vulnerability that may allow an agent to gain privileges and assume an identity.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
- TIBCO Managed File Transfer Internet Server 7.2.3 and earlier
- TIBCO Managed File Transfer Command Center 7.2.3 and earlier
- TIBCO Slingshot 1.9.2 and earlier
- TIBCO Vault 1.1.0
The following components are affected:
- TIBCO Managed File Transfer engine
- TIBCO Slingshot server
- TIBCO Vault server
The impact of these vulnerabilities may include information disclosure or information modification
For each affected system, update to the corresponding software versions:
- TIBCO Managed File Transfer Internet Server 7.2.4 or later
- TIBCO Managed File Transfer Command Center 7.2.4 or later
- TIBCO Slingshot 1.9.3 or later
- TIBCO Vault 1.1.1 or later