Main Vulnerability Database SB2022051317

SB2022051317 - XML External Entity injection in TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server

Published: May 13, 2022

Security Bulletin ID SB2022051317

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) XML External Entity injection (CVE-ID: CVE-2022-22774)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied XML input in the DOM XML parser and SAX XML parser. A remote attacker can pass a specially crafted XML code and update, insert or delete access to data on the affected system and associated resources.

Remediation

Install update from vendor's website.

References

https://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-10-2022-tibco-mftcc-2022-22774