Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveTibcoCVE-2020-9414
HistoryJun 30, 2020 - 8:15 p.m.

CVE-2020-9414

2020-06-3020:15:13
CWE-79
tibco
web.nvd.nist.gov
24
tibco
software
inc.
managed file transfer
command center
internet server
cve-2020-9414
vulnerability
session identifier
theft
nvd

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Affected configurations

Nvd
Node
tibcomanaged_file_transfer_command_centerRange<8.2.1
OR
tibcomanaged_file_transfer_internet_serverRange<8.2.1
VendorProductVersionCPE
tibcomanaged_file_transfer_command_center*cpe:2.3:a:tibco:managed_file_transfer_command_center:*:*:*:*:*:*:*:*
tibcomanaged_file_transfer_internet_server*cpe:2.3:a:tibco:managed_file_transfer_internet_server:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "TIBCO Managed File Transfer Command Center",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Managed File Transfer Internet Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "8.2.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

cvelist 1
tibco 2
prion 1
nvd 1
cvelist
cvelist
CVE-2020-9414 TIBCO Managed File Transfer reflected XSS vulerability
2020-06-30 19:40:14
tibco
tibco
TIBCO Security Advisory: June 30, 2020 - TIBCO Managed File Transfer -2020-9414
2020-06-24 20:41:25
TIBCO Security Advisory: June 30, 2020 - TIBCO Managed File Transfer -2020-9414
2020-06-24 20:41:25
prion
prion
Design/Logic Flaw
2020-06-30 20:15:00
nvd
nvd
CVE-2020-9414
2020-06-30 20:15:13

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON
Related for CVE-2020-9414
cvelist1tibco2prion1nvd1