NVD Vulnerability Detail

CVE-2020-9412

Summary	The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.
Publication Date	June 10, 2020, 2:15 a.m.
Registration Date	Jan. 26, 2021, 12:02 p.m.
Last Update	Nov. 21, 2024, 2:40 p.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:tibco:managed_file_transfer_platform_server::::::::			7.1.0
cpe:2.3:a:tibco:managed_file_transfer_platform_server:8.0.0:::::::*
execution environment
1	cpe:2.3:o:ibm:i:-:::::::*

Related information, measures and tools

No	URL	タグ
1	https://www.tibco.com/services/support/advisories	Mailing List Vendor Advisory
2	https://www.tibco.com/services/support/advisories	Mailing List Vendor Advisory
3	https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412	Vendor Advisory
4	https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412	Vendor Advisory

Common Vulnerabilities List

JVN Vulnerability Information

TIBCO Software Inc. TIBCO Managed File Transfer Platform Server における入力確認に関する脆弱性

Title	TIBCO Software Inc. TIBCO Managed File Transfer Platform Server における入力確認に関する脆弱性
Summary	TIBCO Software Inc. TIBCO Managed File Transfer Platform Server には、入力確認に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	June 9, 2020, midnight
Registration Date	July 7, 2020, 11:35 a.m.
Last Update	July 7, 2020, 11:35 a.m.

Affected System

TIBCO Software

TIBCO Managed File Transfer Platform Server 7.1.0 およびそれ以前

TIBCO Managed File Transfer Platform Server 8.0.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2020-9412	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9412
National Vulnerability Database (NVD)
2	CVE-2020-9412	https://nvd.nist.gov/vuln/detail/CVE-2020-9412

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
TIBCO Security Advisory
1	Security Advisories	https://www.tibco.com/services/support/advisories
2	TIBCO Security Advisory: June 9, 2020 - TIBCO Managed File Transfer Platform Server for IBM i	https://www.tibco.com/support/advisories/2020/06/tibco-security-advisory-june-9-2020-tibco-managed-file-transfer-2020-9412

Change Log

No	Changed Details	Date of change
1	[2020年07月07日] 掲載	July 7, 2020, 11:35 a.m.