TIBCO Managed File Transfer, TIBCO Slingshot

ソフト名：TIBCO Managed File Transfer Command Center 7.1.0以下/Internet Server 7.1.0以下, TIBCO Slingshot 1.8.0以下

回避策：アップデートにて対応

脆弱性：セッションの乗っ取り, XSS, 不正HTMLの実行, スクリプトコード実行

ソース：

http://www.tibco.com/products/soa/multi-enterprise-connectivity/managed-file-transfer/tibco-managed-file-transfer/default.jsp

http://www.tibco.com/products/soa/multi-enterprise-connectivity/managed-file-transfer/slingshot/default.jsp

http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp

http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt

http://secunia.com/advisories/45976/

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3423

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3424

CVE：CVE-2011-3423, CVE-2011-3424

危険性：Medium Risk