Security Advisory Regarding TIBCO EBX
Article ID: KB0107923
Updated On:
| Products | Versions |
|---|---|
| TIBCO EBX | 5.9.25 and below, 6.1.3 HF3 and below |
Description
TIBCO Security Advisory: June 11, 2024 - TIBCO EBX - CVE-2024-4576
TIBCO EBX File Inclusion Vulnerability
Original release date: June 11, 2024
Last revised: —
CVE-2024-4576
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.
Impact
The impact of this vulnerability includes the theoretical possibility of an attacker accessing sensitive files that may lead to the leakage of confidential data.
CVSS v3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Environment
Products Affected
TIBCO EBX versions 5.9.25 and below
TIBCO EBX versions 6.1.3 HF3 and below
The following component is affected:
EBX Add-ons
Resolution
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO EBX versions 5.9.23 and below: update to version 5.9.26 or later
- TIBCO EBX versions 6.0.x : update to version 6.1.3 HF3 or later
- TIBCO EBX versions 6.1.3 HF2 and below: update to version 6.1.3 HF3 or later
Issue/Introduction
Security Advisory Regarding TIBCO EBX File Inclusion Vulnerability
Additional Information
https://community.tibco.com/advisories/tibco-security-advisory-june-11-2024-tibco-ebx-cve-2024-4576-r215
Feedback
Yes
No
Powered by
