PT-2020-4419 · Tibco · Tibco Managed File Transfer Platform Server

Published: 2020-06-09 · Updated: 2021-07-21 · CVE-2020-9411

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below
TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0

Description: The issue is related to errors in the authentication request handling mechanism of the file transfer component. This could allow a remote attacker to modify arbitrary files. The vulnerability can be exploited when the configuration option 'Require Node Resp' is set to 'No', potentially allowing unauthorized network file transfers. A successful exploit could result in the attacker being able to read and write any file on the accessible file system, affecting the confidentiality, integrity, and availability of the operating system.

Recommendations: For TIBCO Managed File Transfer Platform Server for IBM i versions 7.1.0 and below, consider updating the configuration to set 'Require Node Resp' to 'Yes' as a temporary workaround. For TIBCO Managed File Transfer Platform Server for IBM i version 8.0.0, consider restricting access to the file transfer component until a fix is available. As a general mitigation measure, restrict access to the file system accessible to the affected component to minimize the risk of exploitation.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2020-04947
CVE-2020-9411

Affected Products

Tibco Managed File Transfer Platform Server