i'd like to know more about the MFT security advistory, CVE...

[Manoj Chaurasia]

i'd like to know more about the MFT security advistory, CVE-2014-2545. So far we know this:

 

"CVE-2014-2545 TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request."

 

"CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N) (legend) "

 

Obviously I'll follow the advise and update to 7.2.2. It is rated a MEDIUM - but some more information will helpassess the urgency.

- The vulnerability refers to HTTP requests. Are HTTPS connections affected

- Is this in any way related to Heartbleed Are private keys exposedWill I have to re-generated my SSL keys as part of my overall upgrade procedure

[Donald Johnson]

Please refer toTIBCO Securityfor these issues.

It has links to all of this type of information and TIBCO's Security Policies and Procedures. It also provides the relevant contact information for security related issues. Due to the potential impact, we don't detail these issues in TIBCO Community.