Security Advisory for TIBCO ActiveMatrix BusinessWorks 5.X

Article ID: KB0108098

Products Versions
TIBCO ActiveMatrix BusinessWorks 5.13 and lower

Description

  The component listed above contains a vulnerability that may allow
  XML eXternal Entity (XXE) attacks via incoming network messages, and may
  disclose the contents of files accessible to a running BusinessWorks engine.


Impact

  The impact of this vulnerability includes the theoretical possibility
  of an unauthenticated user gaining access to sensitive information that is
  available to the system account hosting the BusinessWorks engine.

  CVSS v3 Base Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
 

Issue/Introduction

Security Advisory for TIBCO ActiveMatrix BusinessWorks 5.X

Environment

Systems Affected

  TIBCO ActiveMatrix BusinessWorks versions 5.13.0 and below
  TIBCO ActiveMatrix BusinessWorks for z/Linux versions 5.13.0 and below
  TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric
    versions 5.13.0 and below

  The following components are affected:

    * BusinessWorks engine

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO ActiveMatrix BusinessWorks versions 5.13.0 and below
    update to version 5.14.0 or higher

  TIBCO ActiveMatrix BusinessWorks for z/Linux versions 5.13.0 and below
    update to version 5.14.0 or higher

  TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric
  versions 5.13.0 and below
    update to version 5.14.0 or higher
 

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2018-12408