CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8990 – TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication
https://notcve.org/view.php?id=CVE-2019-8990
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. • http://www.securityfocus.com/bid/107840 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-12408 – TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability
https://notcve.org/view.php?id=CVE-2018-12408
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0. El componente del motor BusinessWorks de TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux y TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric, de TIBCO Software, contiene una vulnerabilidad que podría permitir ataques de XEE (XML External Entity) mediante mensajes entrantes de red y podría revelar el contenido de los archivos accesibles a un motor BusinessWorks en ejecución. Las versiones afectadas son TIBCO Software Inc. • http://www.securityfocus.com/bid/105043 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.0EPSS: 0%CPEs: 50EXPL: 0CVE-2012-0687
https://notcve.org/view.php?id=CVE-2012-0687
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL. TIBCO ActiveMatrix Runtime Platform de Service Grid y Service Bus 2.x anteriores a 2.3.2 y BusinessWorks Service Engine anteriores a 5.8.2; TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0; TIBCO BusinessEvents Runtime de Enterprise y Inference Editions 3.x anteriores a 3.0.3, Standard Edition 4.x anteriores a 4.0.2, y Standard Edition y Express 5.0.0; y TIBCO BusinessWorks Engine de TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 y ActiveMatrix BusinessWorks anteriores a 5.9.3 permiten a atacantes remotos obtener información confidencial a través de una URL modificada. • http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •