Lucene search

TibcoCVE-2018-12408

HistoryAug 08, 2018 - 2:29 p.m.

CVE-2018-12408

2018-08-0814:29:00

CWE-611

tibco

web.nvd.nist.gov

cve-2018-12408

tibco software inc.

tibco

activematrix businessworks

xxe vulnerability

network security

nvd

xml

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

53.6%

JSON

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.

Affected configurations

Nvd

Node

tibcoactivematrix_businessworksRange≤5.13.0

tibcoactivematrix_businessworksRange≤5.13.0linux

tibcoactivematrix_businessworks_distribution_for_tibco_silver_fabricRange≤5.13.0

VendorProductVersionCPE
tibcoactivematrix_businessworks*cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:*:*:*
tibcoactivematrix_businessworks*cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:linux:*:*
tibcoactivematrix_businessworks_distribution_for_tibco_silver_fabric*cpe:2.3:a:tibco:activematrix_businessworks_distribution_for_tibco_silver_fabric:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tibco	activematrix_businessworks	*	cpe:2.3:a:tibco:activematrix_businessworks::::::::
tibco	activematrix_businessworks	*	cpe:2.3:a:tibco:activematrix_businessworks::::::linux::*
tibco	activematrix_businessworks_distribution_for_tibco_silver_fabric	*	cpe:2.3:a:tibco:activematrix_businessworks_distribution_for_tibco_silver_fabric::::::::

CNA Affected

[
  {
    "product": "TIBCO ActiveMatrix BusinessWorks",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.13.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO ActiveMatrix BusinessWorks for z/Linux",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.13.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.13.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105043

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

High

EPSS

0.002

Percentile

53.6%

JSON

Related for CVE-2018-12408