TIBCO Security Advisory: October 17, 2017 - TIBCO® Managed File Transfer
TIBCO Managed File Transfer Privilege Escalation Vulnerabilities
Original release date: October 17, 2017
Last revised: --
Source: TIBCO Software Inc.
- TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1
- TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1
The following components are affected:
- Administrator Service
Deployments of the affected systems that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.
The impact of this vulnerability includes the theoretical escalation of privileges by any authenticated user to gain administrative control of Managed File Transfer web applications.
CVSS v3 Base Score: 8.0 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
Deployments that enable the Administrator Service for the affected systems should remove the file management_activity_activeusers.jsp. This file can be found relative to the installation directory of the Managed File Transfer product(s):
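The removal step can be scripted and verified. The following is an added example, not TIBCO tooling and not part of the advisory: it searches an installation directory for the file named above, moves every copy to a quarantine directory outside the install tree (a rollback-friendly form of removal), and fails if any copy remains. The function names, the quarantine directory and `MANIFEST.tsv` are assumptions of this example; the installation directory is site-specific and passed as an argument.

```shell
#!/bin/sh
# Added example (not TIBCO tooling). The file name comes from the advisory;
# the install root and quarantine directory are site-specific arguments.
TARGET_JSP="management_activity_activeusers.jsp"

# Print the path of every copy of the JSP under the given install root.
find_affected_jsp() {
    find "$1" -type f -name "$TARGET_JSP" 2>/dev/null
}

# Move every copy into a quarantine directory and record where it came from.
# Returns 0 when no copy remains under the root, 1 if any is left, 2 on bad input.
quarantine_affected_jsp() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    mkdir -p "$2" && chmod 700 "$2" || return 2
    qj_root=$(cd "$1" && pwd) && qj_dest=$(cd "$2" && pwd) || return 2
    # A quarantine directory inside the install root would stay web-reachable.
    case "$qj_dest/" in
        "$qj_root"/*) echo "quarantine must be outside $qj_root" >&2; return 2 ;;
    esac
    qj_list=$(mktemp) || return 2
    find_affected_jsp "$qj_root" > "$qj_list"
    qj_n=0
    while IFS= read -r qj_file; do
        qj_n=$((qj_n + 1))
        # Number the copies: several web applications may ship the same file name.
        if mv "$qj_file" "$qj_dest/$qj_n.$TARGET_JSP"; then
            printf '%s\t%s\n' "$qj_n.$TARGET_JSP" "$qj_file" >> "$qj_dest/MANIFEST.tsv"
        fi
    done < "$qj_list"
    rm -f "$qj_list"
    # Verify: the mitigation holds only if the search now comes back empty.
    [ -z "$(find_affected_jsp "$qj_root")" ] || return 1
    return 0
}

# Usage: sh quarantine_jsp.sh /path/to/install-root /path/to/quarantine
if [ "$#" -eq 2 ]; then
    quarantine_affected_jsp "$1" "$2"
fi
```

Running `find_affected_jsp` alone against the install root gives a read-only check that is suitable for periodic compliance scans, for example to catch the file being restored by a reinstall or upgrade.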