Search criteria
9 vulnerabilities found for activematrix_businessworks by tibco
FKIE_CVE-2019-8990
Vulnerability from fkie_nvd - Published: 2019-04-09 18:29 - Updated: 2024-11-21 04:50
Severity ?
Summary
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | http://www.securityfocus.com/bid/107840 | Broken Link, Third Party Advisory, VDB Entry | |
| security@tibco.com | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| security@tibco.com | https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/107840 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | activematrix_businessworks | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4F74E9-CFDD-4444-B4B6-7F59D0DC5598",
"versionEndIncluding": "6.4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The HTTP Connector component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
},
{
"lang": "es",
"value": "ActiveMatrix BusinessWorks de TIBCO del componente Conector HTTP de TIBCO Software Inc. contiene una vulnerabilidad que te\u00f3ricamente permite que las peticiones HTTP no identificadas sean procesadas por el motor de BusinessWorks incluso cuando se requiere autorizaci\u00f3n. Esta posibilidad est\u00e1 restringida a circunstancias en las que se utiliza la Directiva HTTP \"Basic Authentication\" junto con un recurso de autorizaci\u00f3n XML. El motor BusinessWorks podr\u00eda utilizar en su lugar las credenciales de una petici\u00f3n HTTP anterior para fines de autorizaci\u00f3n. Las versiones afectadas son TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versiones hasta e incluyendo 6.4.2"
}
],
"id": "CVE-2019-8990",
"lastModified": "2024-11-21T04:50:46.243",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-09T18:29:00.953",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107840"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107840"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12408
Vulnerability from fkie_nvd - Published: 2018-08-08 14:29 - Updated: 2024-11-21 03:45
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | activematrix_businessworks | * | |
| tibco | activematrix_businessworks | * | |
| tibco | activematrix_businessworks_distribution_for_tibco_silver_fabric | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1031FCC1-BBF4-4D52-8742-389F79B26A37",
"versionEndIncluding": "5.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "54B9B696-B916-48FB-A8F9-C175CE5CCEDB",
"versionEndIncluding": "5.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_distribution_for_tibco_silver_fabric:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31DAE3CE-BA81-4AE6-B41C-46A19B6FE412",
"versionEndIncluding": "5.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The BusinessWorks engine component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0."
},
{
"lang": "es",
"value": "El componente del motor BusinessWorks de TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux y TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric, de TIBCO Software, contiene una vulnerabilidad que podr\u00eda permitir ataques de XEE (XML External Entity) mediante mensajes entrantes de red y podr\u00eda revelar el contenido de los archivos accesibles a un motor BusinessWorks en ejecuci\u00f3n. Las versiones afectadas son TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: hasta la versi\u00f3n 5.13.0 (incluida), TIBCO ActiveMatrix BusinessWorks for z/Linux: hasta la versi\u00f3n 5.13.0 (incluida), TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: hasta la versi\u00f3n 5.13.0 (incluida)."
}
],
"id": "CVE-2018-12408",
"lastModified": "2024-11-21T03:45:09.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-08T14:29:00.317",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105043"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0687
Vulnerability from fkie_nvd - Published: 2012-03-13 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1327844B-F7C0-4AAC-8C4B-2D636962FA05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1B1EBE-1D83-4EE7-8163-01A0DAAD57ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C8EE5C4-6925-4350-B0AA-25EA7CBAC521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DB0CF9E0-98A3-4C71-88F5-6F4CFD279E13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1F052E8A-20B8-4A10-AE17-05A58E483AA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79E3F956-9FFB-4655-B70D-FC16D361222A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4AF7A848-DA84-4252-BA8F-7D063050AC21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "63A24DBF-4091-4B99-9970-FCD54EA15BC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2BB758D-5C74-493C-ABE7-6DA289253636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_bus:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F3A5CE12-C8A8-4E48-BF6C-914C284D391C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5033723A-C919-4A27-8FF6-52A32BCCB017",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BFCCF420-1F20-4D02-966A-AD6289DE288A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E936C75A-CBBF-47EB-AE2A-1ACBD2F6FBE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C03217D0-B2FC-4633-BA64-C54783D1E724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8DFB0E-2566-4D9A-BDF9-0A7B3508C070",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "76EFABBA-ABC4-4F90-AC85-938260E653AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9694E246-B73B-4644-915F-1FEA7F1DF415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4CEE48-3302-4138-8E61-0DA60452CFA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "68B99531-DFDA-4625-B0E7-4CDF20A73DF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F28DAF05-7BB6-404E-8710-A61866338605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F633E9D8-BCB2-4748-A91C-1A3D5CD1C953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_service_grid:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C77FCFF9-EEFA-4098-BBAC-7D35E04D130A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4DAA2448-FDC2-4B64-AFE5-BF65317DFD74",
"versionEndIncluding": "5.8.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B6A2A1E-FF90-44BA-B97E-7CFF440BF084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F79D6572-D634-4A09-A1D4-1DD199645EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6A3A3AC0-5C0E-4D98-84D7-8327D116EDB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A25960E5-D2F0-4C64-B9A0-4D792B90F901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9E211C-1ADF-4E40-AFD8-0FD2816F04F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "73CD7625-A5ED-4D88-AFBF-450AE2E439D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B72511C0-3CDA-40F4-8C35-0B2B03D19BFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A147E2-A869-4306-94C7-D5B32333EE1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8673962-517F-40F8-AA69-DB94CECD0A33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks_service_engine:5.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDC53F2-7AC7-490F-A1F9-55D3760D9175",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2C115BF-EBFF-45E2-A63F-B35F1B6FE42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:silver_fabric_activematrix_service_grid_distribution:5.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC473FC-B30F-41C1-AABC-86980CF2E563",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2B9890-BE2B-46BA-9E23-306902AFC286",
"versionEndIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "47C5D35B-3DA4-4829-9115-9061F725392B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5F8D9F-C1E1-4F39-BF08-D08FC07523C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "690E5EB3-C8C4-416C-B6A8-94C1222AEC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:activematrix_bpm:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91468F89-DBAF-45C9-894C-851583D84BAB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:businessevents:3.0:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "A635FA7A-831D-4A70-BB12-1DD8F8CBB1B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:3.0:*:inference:*:*:*:*:*",
"matchCriteriaId": "D2A70B8C-1B8F-4D77-BBDE-720561D8D04E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:3.0.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "1D26C307-61C7-4CE4-B6B8-52D24491DA41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:3.0.2:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "4A365D8D-6261-4535-A811-0D8D3EB36D22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:3.0.2:*:inference:*:*:*:*:*",
"matchCriteriaId": "824E6C4B-5F11-4073-AE4F-6934F1D0A5CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:4.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "24FBA4F6-E78B-4261-81C0-03C6D87A0586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:4.0.1:*:standard:*:*:*:*:*",
"matchCriteriaId": "EA2DF7B4-13B2-4C33-A26A-4C75D1D2C44F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:5.0:*:express:*:*:*:*:*",
"matchCriteriaId": "2BCA6DA4-61C5-4017-A436-292A4016D562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:businessevents:5.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "CD81DADC-39A4-4652-A1AC-20F1CCE50AD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC861446-3E30-4776-B874-F2E3C8C49816",
"versionEndIncluding": "5.9.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
},
{
"lang": "es",
"value": "TIBCO ActiveMatrix Runtime Platform de Service Grid y Service Bus 2.x anteriores a 2.3.2 y BusinessWorks Service Engine anteriores a 5.8.2; TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0; TIBCO BusinessEvents Runtime de Enterprise y Inference Editions 3.x anteriores a 3.0.3, Standard Edition 4.x anteriores a 4.0.2, y Standard Edition y Express 5.0.0; y TIBCO BusinessWorks Engine de TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 y ActiveMatrix BusinessWorks anteriores a 5.9.3 permiten a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de una URL modificada."
}
],
"id": "CVE-2012-0687",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-13T10:55:01.010",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-8990 (GCVE-0-2019-8990)
Vulnerability from cvelistv5 – Published: 2019-04-09 17:37 – Updated: 2024-09-16 17:03
VLAI?
Title
TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication
Summary
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
Severity ?
9.1 (Critical)
CWE
- The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO ActiveMatrix BusinessWorks |
Affected:
unspecified , ≤ 6.4.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"name": "107840",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO ActiveMatrix BusinessWorks",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP Connector component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T12:06:05",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"name": "107840",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107840"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher."
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-04-09T16:00:00.000Z",
"ID": "CVE-2019-8990",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO ActiveMatrix BusinessWorks",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Connector component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"name": "107840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107840"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-8990",
"datePublished": "2019-04-09T17:37:10.700287Z",
"dateReserved": "2019-02-21T00:00:00",
"dateUpdated": "2024-09-16T17:03:00.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12408 (GCVE-0-2018-12408)
Vulnerability from cvelistv5 – Published: 2018-08-08 14:00 – Updated: 2024-09-17 02:56
VLAI?
Title
TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability
Summary
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.
Severity ?
7.5 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility of an unauthenticated user gaining access to sensitive information that is available to the system account hosting the BusinessWorks engine.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO ActiveMatrix BusinessWorks |
Affected:
unspecified , ≤ 5.13.0
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:04.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105043",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO ActiveMatrix BusinessWorks",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO ActiveMatrix BusinessWorks for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BusinessWorks engine component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of an unauthenticated user gaining access to sensitive information that is available to the system account hosting the BusinessWorks engine.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-10T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105043",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105043"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BusinessWorks versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks for z/Linux versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric versions 5.13.0 and below update to version 5.13.1 or higher."
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-08-07T16:00:00.000Z",
"ID": "CVE-2018-12408",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability",
"UPDATED": "2018-08-31T16:00:00.000Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO ActiveMatrix BusinessWorks",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.13.0"
}
]
}
},
{
"product_name": "TIBCO ActiveMatrix BusinessWorks for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.13.0"
}
]
}
},
{
"product_name": "TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.13.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BusinessWorks engine component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of an unauthenticated user gaining access to sensitive information that is available to the system account hosting the BusinessWorks engine."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105043"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BusinessWorks versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks for z/Linux versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric versions 5.13.0 and below update to version 5.13.1 or higher."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12408",
"datePublished": "2018-08-08T14:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-17T02:56:30.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0687 (GCVE-0-2012-0687)
Vulnerability from cvelistv5 – Published: 2012-03-13 10:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-13T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"name": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"name": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"name": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0687",
"datePublished": "2012-03-13T10:00:00Z",
"dateReserved": "2012-01-12T00:00:00Z",
"dateUpdated": "2024-09-16T18:55:51.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-8990 (GCVE-0-2019-8990)
Vulnerability from nvd – Published: 2019-04-09 17:37 – Updated: 2024-09-16 17:03
VLAI?
Title
TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication
Summary
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
Severity ?
9.1 (Critical)
CWE
- The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO ActiveMatrix BusinessWorks |
Affected:
unspecified , ≤ 6.4.2
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:31:37.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"name": "107840",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107840"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO ActiveMatrix BusinessWorks",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "6.4.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-04-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The HTTP Connector component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T12:06:05",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"name": "107840",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107840"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher."
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-04-09T16:00:00.000Z",
"ID": "CVE-2019-8990",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO ActiveMatrix BusinessWorks",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "6.4.2"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Connector component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP \"Basic Authentication\" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the possibility of a malicious HTTP client successfully executing HTTP requests without authenticating. This possibility is restricted to circumstances where HTTP basic authentication is used in conjunction with an XML Authentication resource."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks"
},
{
"name": "107840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107840"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-8990",
"datePublished": "2019-04-09T17:37:10.700287Z",
"dateReserved": "2019-02-21T00:00:00",
"dateUpdated": "2024-09-16T17:03:00.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12408 (GCVE-0-2018-12408)
Vulnerability from nvd – Published: 2018-08-08 14:00 – Updated: 2024-09-17 02:56
VLAI?
Title
TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability
Summary
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.
Severity ?
7.5 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility of an unauthenticated user gaining access to sensitive information that is available to the system account hosting the BusinessWorks engine.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO ActiveMatrix BusinessWorks |
Affected:
unspecified , ≤ 5.13.0
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:04.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105043",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105043"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO ActiveMatrix BusinessWorks",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO ActiveMatrix BusinessWorks for z/Linux",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "5.13.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-08-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The BusinessWorks engine component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility of an unauthenticated user gaining access to sensitive information that is available to the system account hosting the BusinessWorks engine.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-10T09:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105043",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105043"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BusinessWorks versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks for z/Linux versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric versions 5.13.0 and below update to version 5.13.1 or higher."
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-08-07T16:00:00.000Z",
"ID": "CVE-2018-12408",
"STATE": "PUBLIC",
"TITLE": "TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability",
"UPDATED": "2018-08-31T16:00:00.000Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO ActiveMatrix BusinessWorks",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.13.0"
}
]
}
},
{
"product_name": "TIBCO ActiveMatrix BusinessWorks for z/Linux",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.13.0"
}
]
}
},
{
"product_name": "TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "5.13.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BusinessWorks engine component of TIBCO Software Inc.\u0027s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility of an unauthenticated user gaining access to sensitive information that is available to the system account hosting the BusinessWorks engine."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "105043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105043"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO ActiveMatrix BusinessWorks versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks for z/Linux versions 5.13.0 and below update to version 5.13.1 or higher,\nTIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric versions 5.13.0 and below update to version 5.13.1 or higher."
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-12408",
"datePublished": "2018-08-08T14:00:00Z",
"dateReserved": "2018-06-14T00:00:00",
"dateUpdated": "2024-09-17T02:56:30.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0687 (GCVE-0-2012-0687)
Vulnerability from nvd – Published: 2012-03-13 10:00 – Updated: 2024-09-16 18:55
VLAI?
Summary
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-13T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"name": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt"
},
{
"name": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt"
},
{
"name": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt"
},
{
"name": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0687",
"datePublished": "2012-03-13T10:00:00Z",
"dateReserved": "2012-01-12T00:00:00Z",
"dateUpdated": "2024-09-16T18:55:51.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}