CVE-2022-30572

TIBCO iWay Service Manager Directory Traversal Vulnerability

Description

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.

Remediation

Solution:

TIBCO has released updated versions of the affected components which address these issues. TIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later

References

Link	Tags
https://www.tibco.com/services/support/advisories	vendor advisory
https://www.tibco.com/support/advisories/2022/07/tibco-security-advisory-august-2-2022-tibco-iway-sm-cve-2022-30572	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-30572?: CVE-2022-30572 has been scored as a medium severity vulnerability.
How to fix CVE-2022-30572?: To fix CVE-2022-30572: TIBCO has released updated versions of the affected components which address these issues. TIBCO iWay Service Manager versions 8.0.6 and below: update to version 8.0.7 or later
Is CVE-2022-30572 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-30572 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-30572?: CVE-2022-30572 affects TIBCO Software Inc. TIBCO iWay Service Manager.

Description

Remediation

Category

CWE-22 – Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

References

Frequently Asked Questions