Products | Versions |
---|---|
TIBCO EBX | 4.4.2 and below |
TIBCO EBX EXML External Entity
Original release date: January 12, 2021
Last revised: ---
Source: TIBCO Software Inc.
Description
The components listed above contain a vulnerability that theoretically allows
a low privileged attacker with network access to execute an XML External
Entity (XXE) attack.
Impact
The impact of these vulnerabilities include the possibility that an attacker
would gain unauthorized read access to TIBCO EBX data, and the ability to
cause a partial denial of service (partial DOS) on the affected system.
CVSS v3 Base Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)