CVE-2022-22772
Last modified
CVE-2022-22772 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.. EPSS estimates a 2.18% chance of exploitation in the next 30 days.
Description
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Managed File Transfer Platform Server | < 8.1.1 |
References
- https://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/services/support/advisoriesVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-22772?
How severe is CVE-2022-22772?
How do I fix CVE-2022-22772?
Are you affected by CVE-2022-22772?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST