Lucene search

[email protected]CVE-2014-2545

HistoryApr 30, 2014 - 10:49 a.m.

CVE-2014-2545

2014-04-3010:49:05

CWE-200

[email protected]

web.nvd.nist.gov

tibco

managed file transfer

internet server

command center

slingshot

vault

cve-2014-2545

sensitive information disclosure

http request

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request.

Affected configurations

NVD

Node

tibcoslingshotRange≤1.9.0

tibcoslingshotMatch1.7.0

tibcoslingshotMatch1.8.0

tibcoslingshotMatch1.8.1

Node

tibcovaultRange≤1.0.0

Node

tibcomanaged_file_transfer_command_centerRange≤7.2.1

tibcomanaged_file_transfer_command_centerMatch6.7

tibcomanaged_file_transfer_command_centerMatch7.0

tibcomanaged_file_transfer_command_centerMatch7.0.1

tibcomanaged_file_transfer_command_centerMatch7.1.0

tibcomanaged_file_transfer_command_centerMatch7.2.0

Node

tibcomanaged_file_transfer_internet_serverRange≤7.2.1

tibcomanaged_file_transfer_internet_serverMatch6.7

tibcomanaged_file_transfer_internet_serverMatch7.0

tibcomanaged_file_transfer_internet_serverMatch7.0.1

tibcomanaged_file_transfer_internet_serverMatch7.1.0

tibcomanaged_file_transfer_internet_serverMatch7.2.0

CPENameOperatorVersion
tibco:slingshottibco slingshotle1.9.0
tibco:slingshottibco slingshoteq1.7.0
tibco:slingshottibco slingshoteq1.8.0
tibco:slingshottibco slingshoteq1.8.1

CPE	Name	Operator	Version
tibco:slingshot	tibco slingshot	le	1.9.0
tibco:slingshot	tibco slingshot	eq	1.7.0
tibco:slingshot	tibco slingshot	eq	1.8.0
tibco:slingshot	tibco slingshot	eq	1.8.1

References

www.tibco.com/mk/advisory.jsp

www.tibco.com/multimedia/mft_advisory_20140429_tcm8-21013.txt

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.8%

JSON

Related for CVE-2014-2545

nvd1 prion1 cvelist1