CVE-2018-18810

Summary

The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Managed File Transfer Command Centerunspecified <= 7.3.2affected
TIBCO Software Inc.TIBCO Managed File Transfer Command Center8.0.0affected
TIBCO Software Inc.TIBCO Managed File Transfer Command Center8.0.1affected
TIBCO Software Inc.TIBCO Managed File Transfer Command Center8.0.2affected
TIBCO Software Inc.TIBCO Managed File Transfer Command Center8.1.0affected
TIBCO Software Inc.TIBCO Managed File Transfer Internet Serverunspecified <= 7.3.2affected
TIBCO Software Inc.TIBCO Managed File Transfer Internet Server8.0.0affected
TIBCO Software Inc.TIBCO Managed File Transfer Internet Server8.0.1affected
TIBCO Software Inc.TIBCO Managed File Transfer Internet Server8.0.2affected
TIBCO Software Inc.TIBCO Managed File Transfer Internet Server8.1.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility that an authenticated user with specific kinds of privileges could view credentials used to access other services, when they should not be able to do so.

ADP Enrichment

CVE Program Container

Additional References

References