TIBCO EBX Add-ons Arbitrary File Write
Original release date: May 23, 2023
Last revised: ---
Source: TIBCO Software Inc.
Description
The component listed under Products Affected contains an exploitable
vulnerability that allows an attacker to upload files to a directory
accessible by the web server.
Impact
An application administrator without access to the underlying server could
upload files that may be evaluated by the web server, allowing them to perform
actions with the privileges of the web server.
CVSS v3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
Environment
Products Affected
TIBCO EBX Add-ons versions 4.5.16 and below
The following component is affected:
* server
Resolution
TIBCO has released updated versions of the affected systems which address this
issue:
TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or
later