CVE-2020-9412 CRITICAL

CVE-2020-9412: TIBCO Managed File Transfer Platform Server for IBM i Arbitrary Command Execution

Vendor Tibco Software Inc.
Product TIBCO Managed File Transfer Platform Server for IBM i
Published June 9, 2020
Last update September 17, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i: versions 7.1.0 and below, version 8.0.0.

Key dates

02Disclosure timeline

June 9, 2020 CVE published
September 17, 2024 Record updated