PT-2022-15665 · Tibco Software · Tibco Managed File Transfer Command Center+1

Published: 2022-05-10 · Updated: 2022-05-19 · CVE-2022-22774

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIBCO Managed File Transfer Command Center versions 8.3.1 and below
TIBCO Managed File Transfer Command Center versions 8.4.0 and 8.4.1
TIBCO Managed File Transfer Internet Server versions 8.3.1 and below
TIBCO Managed File Transfer Internet Server versions 8.4.0 and 8.4.1

Description

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system.

Recommendations

For TIBCO Managed File Transfer Command Center versions 8.3.1 and below, update to a version above 8.3.1.
For TIBCO Managed File Transfer Command Center versions 8.4.0 and 8.4.1, update to a version above 8.4.1.
For TIBCO Managed File Transfer Internet Server versions 8.3.1 and below, update to a version above 8.3.1.
For TIBCO Managed File Transfer Internet Server versions 8.4.0 and 8.4.1, update to a version above 8.4.1.

As a temporary workaround, consider disabling the DOM XML parser and SAX XML parser components until a patch is available.

Fix

XXE

Weakness Enumeration

Related Identifiers

CVE-2022-22774

Affected Products

Tibco Managed File Transfer Command Center
Tibco Managed File Transfer Internet Server