TIBCO Security Advisory: October 17, 2017 - TIBCO® Managed File Transfer
The following products are affected:
- TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1
- TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1
The following components are affected:
- Administrator Service
Deployments of the affected systems that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.
The impact of this vulnerability includes the theoretical escalation of privileges by any authenticated user to gain administrative control of Managed File Transfer web applications.
CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Deployments that enable the Administrator Service for the affected systems should remove the file management_activity_activeusers.jsp. This file can be found relative to the installation directory of the Managed File Transfer product(s):
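Because the file is located relative to each product's installation directory, the following added example (not part of TIBCO's advisory) finds it by name under an installation directory supplied by the operator, moves it out of the web application tree and verifies that no copy remains. The function names, the quarantine directory and the choice to move the file before deleting it are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate and remove the JSP named in the advisory.
# Usage (paths are operator-supplied placeholders):
#   . ./mft_remove_jsp.sh
#   find_vulnerable_jsp /path/to/mft/install
#   quarantine_vulnerable_jsp /path/to/mft/install /path/outside/install/quarantine

TARGET_JSP="management_activity_activeusers.jsp"

# Print the path of every copy of the JSP under the installation directory.
find_vulnerable_jsp() {
    find "${1%/}" -type f -name "$TARGET_JSP" 2>/dev/null
}

# Move every copy into a quarantine directory, keeping its relative path so
# the change can be audited. Returns 0 only if no copy is left afterwards,
# 2 if the quarantine directory would itself be served from the install tree.
quarantine_vulnerable_jsp() {
    install_dir=${1%/}
    quarantine_dir=${2%/}

    # A quarantine directory inside the installation would leave the file
    # reachable by the application server, so refuse it.
    case "$quarantine_dir/" in
        "$install_dir"/*)
            echo "quarantine directory must be outside $install_dir" >&2
            return 2 ;;
    esac

    find_vulnerable_jsp "$install_dir" | while IFS= read -r path; do
        rel=${path#"$install_dir"/}
        dest="$quarantine_dir/$rel"
        mkdir -p "$(dirname "$dest")" && mv -- "$path" "$dest" &&
            echo "removed from web application: $path (saved as $dest)"
    done

    # Verification step: succeed only if the file no longer exists anywhere
    # under the installation directory.
    [ -z "$(find_vulnerable_jsp "$install_dir")" ]
}
```

Run it against each Command Center and Internet Server installation, then delete the quarantined copies once the removal has been confirmed.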