{"containers": {"cna": {"affected": [{"product": "TIBCO Managed File Transfer Platform Server for UNIX", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "8.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Managed File Transfer Platform Server for z/Linux", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "8.1.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2022-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-03-30T17:06:13", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later"}], "source": {"discovery": "Toronto-Dominion Bank"}, "title": "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2022-03-30T17:00:00Z", "ID": "CVE-2022-22772", "STATE": "PUBLIC", "TITLE": "TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Managed File Transfer Platform Server for UNIX", "version": {"version_data": [{"version_affected": "<=", "version_value": "8.1.0"}]}}, {"product_name": "TIBCO Managed File Transfer Platform Server for z/Linux", "version": {"version_data": [{"version_affected": "<=", "version_value": "8.1.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Successful execution of this vulnerability can result in a low privileged attacker gaining full user access to the affected system."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/services/support/advisories", "refsource": "CONFIRM", "url": "https://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Managed File Transfer Platform Server for UNIX versions 8.1.0 and below update to version 8.1.1 or later\nTIBCO Managed File Transfer Platform Server for z/Linux versions 8.1.0 and below update to version 8.1.1 or later"}], "source": {"discovery": "Toronto-Dominion Bank"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.168Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2022-22772", "datePublished": "2022-03-30T16:40:10.158737Z", "dateReserved": "2022-01-07T00:00:00", "dateUpdated": "2024-09-16T21:08:01.606Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:managed_file_transfer_platform_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0E22E7A-AB04-41C6-AA8B-A38DA224B1AA", "versionEndExcluding": "8.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:z_linux:-:*:*:*:*:*:*:*", "matchCriteriaId": "57109509-72B1-4F53-9A5E-4E19C1286844", "vulnerable": false}, {"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below."}, {"lang": "es", "value": "Los componentes cfsend, cfrecv y CyberResp de TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX y TIBCO Managed File Transfer Platform Server for z/Linux contienen una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota (RCE) dif\u00edcil de explotar que permite a un atacante con pocos privilegios y acceso a la red ejecutar c\u00f3digo arbitrario en el sistema afectado. Las versiones afectadas son TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versiones 8.1.0 y anteriores y TIBCO Managed File Transfer Platform Server for z/Linux: versiones 8.1.0 y anteriores"}], "id": "CVE-2022-22772", "lastModified": "2024-11-21T06:47:25.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 8.5, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security@tibco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-03-30T17:15:10.270", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/services/support/advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}