Introducing the all-new TIBCO Community site!

For current users, please click "Sign In" to reset your password and access the enhanced features. If you're a first-time visitor, we extend a warm welcome—click "Sign Up" to become a part of the TIBCO Community!

If you're seeking alternative community sites, explore ibi, Jaspersoft, and Spotfire.

Jump to content

i'd like to know more about the MFT security advistory, CVE...


Recommended Posts

i'd like to know more about the MFT security advistory, CVE-2014-2545. So far we know this:

 

"CVE-2014-2545 TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request."

 

"CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N) (legend) "

 

Obviously I'll follow the advise and update to 7.2.2. It is rated a MEDIUM - but some more information will helpassess the urgency.

- The vulnerability refers to HTTP requests. Are HTTPS connections affected

- Is this in any way related to Heartbleed Are private keys exposedWill I have to re-generated my SSL keys as part of my overall upgrade procedure

Link to comment
Share on other sites

  • 5 years later...

Please refer toTIBCO Securityfor these issues.

It has links to all of this type of information and TIBCO's Security Policies and Procedures. It also provides the relevant contact information for security related issues. Due to the potential impact, we don't detail these issues in TIBCO Community.

Link to comment
Share on other sites

×
×
  • Create New...