Vulnerability Details CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 83.9%
CVSS Severity
CVSS v3 Score 8.5
CVSS v2 Score 8.5
References
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772
- https://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772
Products affected by CVE-2022-22772
-
cpe:2.3:a:tibco:managed_file_transfer_platform_server:-
-
cpe:2.3:a:tibco:managed_file_transfer_platform_server:7.1.0
-
cpe:2.3:a:tibco:managed_file_transfer_platform_server:7.1.1
-
cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0
-
cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.1
-
cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.1.0
-
cpe:2.3:o:ibm:z_linux:-
-
cpe:2.3:o:opengroup:unix:-