TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: March 30, 2022 - TIBCO Managed File Transfer Platform Server - 2022-22772
TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
Original release date: March 30, 2022
Last revised: ---
Source: TIBCO Software Inc.
- TIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below
- TIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below
The following components are affected:
The components listed above contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system.
Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.
CVSS v3 Base Score: 8.5 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later
- TIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later