CVE-2022-22774
Published: May 10, 2022
Modified: Sep 16, 2024
CVSS v3.1
8.6
Description
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1.
| Vendor | Product | Versions |
|---|---|---|
TIBCO Software Inc. | TIBCO Managed File Transfer Command Center | affected unspecified - <= 8.3.1 |
TIBCO Software Inc. | TIBCO Managed File Transfer Command Center | affected 8.4.0affected 8.4.1 |
TIBCO Software Inc. | TIBCO Managed File Transfer Internet Server | affected unspecified - <= 8.3.1 |
TIBCO Software Inc. | TIBCO Managed File Transfer Internet Server | affected 8.4.0affected 8.4.1 |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now