Vulnerability Details : CVE-2017-5531
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.
Exploit prediction scoring system (EPSS) score for CVE-2017-5531
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-5531
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
8.0
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
2.1
|
5.9
|
TIBCO Software Inc. |
References for CVE-2017-5531
-
https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer
TIBCO Security Advisory: October 17, 2017 - TIBCO® Managed File Transfer | TIBCO SoftwareVendor Advisory
-
http://www.tibco.com/services/support/advisories
Advisory | TIBCO SoftwareVendor Advisory
-
http://www.securityfocus.com/bid/101545
Multiple TIBCO products CVE-2017-5531 Remote Privilege Escalation VulnerabilityThird Party Advisory;VDB Entry
Products affected by CVE-2017-5531
- cpe:2.3:a:tibco:managed_file_transfer_internet_server:8.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:managed_file_transfer_internet_server:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:managed_file_transfer_command_center:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:tibco:managed_file_transfer_command_center:8.0.0:*:*:*:*:*:*:*