TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: September 29, 2015 - TIBCO® Managed File Transfer
The TIBCO Managed File Transfer components listed below contain a critical vulnerability in the handling of HTTP requests which may result in information disclosure.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
- TIBCO Managed File Transfer Internet Server 7.2.4 and earlier
- TIBCO Managed File Transfer Command Center 7.2.4 and earlier
- TIBCO Slingshot 1.9.3 and earlier
- TIBCO Vault 2.0.0 and earlier
The following components are affected:
- TIBCO Managed File Transfer engine
The impact of this vulnerability is information disclosure.
CVSS v2 Base Score: 3.5 (AV:N/AC:M/Au:S/C:P/I:N/A:N)
For each affected system, update to the corresponding software versions:
- TIBCO Managed File Transfer Internet Server 7.2.5 or higher
- TIBCO Managed File Transfer Command Center 7.2.5 or higher
- TIBCO Slingshot 1.9.4 or higher
- TIBCO Vault 2.0.1 or higher