CVE-2022-22772

HIGH

TIBCO Managed File Transfer Platform Server < 8.1.1 - Remote Code Execution in cfsend, cfrecv, and CyberResp Components

Title source: llm

Description

The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://www.tibco.com/services/support/advisories

Vendor Advisory x_refsource_confirm

https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772

Scores

CVSS v3 8.5

EPSS 0.0147

EPSS Percentile 81.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

Status published

Products (1)

tibco/managed_file_transfer_platform_server < 8.1.1

Published Mar 30, 2022

Tracked Since Feb 18, 2026