Security Advisory Regarding TIBCO EBX Add-ons

Security Advisory Regarding TIBCO EBX Add-ons

book

Article ID: KB0107941

calendar_today

Updated On:

Products Versions
TIBCO EBX Add-ons 4.5.16 and below

Description

TIBCO EBX Add-ons Arbitrary File Write

  Original release date: May 23, 2023
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains an exploitable vulnerability that allows
  an attacker to upload files to a directory accessible by the web server.


Impact

  An application administrator without access to the underlying server could
  upload files that may be evaluated by the web server allowing them to perform
  actions with the privileges of the web server.

  CVSS v3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Environment

Products Affected TIBCO EBX Add-ons versions 4.5.16 and below The following component is affected: * server

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or
    later

Issue/Introduction

Security Advisory Regarding TIBCO EBX Add-ons Arbitrary File Write

Additional Information

https://www.tibco.com/support/advisories/2023/05/tibco-security-advisory-may-25-2023-tibco-ebx-add-ons-cve-2023-26216