CVE-2024-4407: TIBCO Managed File Transfer Server Vulnerability Could Lead to System Takeover

TIBCO has issued a security advisory warning users of a critical-severity vulnerability (CVE-2024-4407) in its Managed File Transfer Platform Server for UNIX and z/Linux. This flaw could allow malicious actors to bypass authentication, gain root access, and take complete control of affected systems.

A diagram of a typical MFT deployment | Image: TIBCO

With a CVSS score of 9.0, the flaw resides in the authentication mechanism of the TIBCO Managed File Transfer Platform Server. Specifically, it allows clients to bypass user-id/password authentication. As a result, an attacker could transfer files or execute commands with root privileges if the Platform Server is configured incorrectly.

The CVE-2024-4407 vulnerability affects the following versions:

• TIBCO Managed File Transfer Platform Server for UNIX: Versions 8.0.0, 8.0.1, 8.1.0, 8.1.1
• TIBCO Managed File Transfer Platform Server for z/Linux: Versions 8.0.0, 8.0.1, 8.1.0, 8.1.1

The potential impact of this vulnerability is severe, including the unauthorized transfer of files and execution of commands as root. This scenario is particularly critical because it could lead to complete system compromise. Notably, this vulnerability only manifests when the Platform Server is started as root. If the server is started as a non-root user, the risk is mitigated.

TIBCO has released updated versions of the software (8.0.2 or 8.1.2) that address this vulnerability. All affected organizations are strongly urged to upgrade their software as soon as possible.