The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now!
A chart showing the TIBCO Platform vision
Jump to content
Forums
Ask questions and gain insight from discussions

i'd like to know more about the MFT security advistory, CVE...


Manoj Chaurasia

Recommended Posts

i'd like to know more about the MFT security advistory, CVE-2014-2545. So far we know this:

 

"CVE-2014-2545 TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive information via a crafted HTTP request."

 

"CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/AU:N/C:P/I:N/A:N) (legend) "

 

Obviously I'll follow the advise and update to 7.2.2. It is rated a MEDIUM - but some more information will helpassess the urgency.

- The vulnerability refers to HTTP requests. Are HTTPS connections affected

- Is this in any way related to Heartbleed Are private keys exposedWill I have to re-generated my SSL keys as part of my overall upgrade procedure

Link to comment
Share on other sites

  • 5 years later...

Please refer toTIBCO Securityfor these issues.

It has links to all of this type of information and TIBCO's Security Policies and Procedures. It also provides the relevant contact information for security related issues. Due to the potential impact, we don't detail these issues in TIBCO Community.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...