CVE-2020-9412

moderate-risk
Published 2020-06-09

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Do I need to act?

-
0.78% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
10
CVSS 10.0/10 Critical
NETWORK / LOW complexity

Affected Products (2)

Managed File Transfer Platform Server
Managed File Transfer Platform Server

Affected Vendors

Tibco

References (4)

Mailing List https://www.tibco.com/services/support/advisories
Vendor Advisory https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-...
Mailing List https://www.tibco.com/services/support/advisories
Vendor Advisory https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-...
43
/ 100
moderate-risk
Severity 33/34 · Critical
Exploitability 3/34 · Minimal
Exposure 7/34 · Low