CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8990 – TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication
https://notcve.org/view.php?id=CVE-2019-8990
09 Apr 2019 — The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affe... • http://www.securityfocus.com/bid/107840 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-12408 – TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability
https://notcve.org/view.php?id=CVE-2018-12408
08 Aug 2018 — The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13... • http://www.securityfocus.com/bid/105043 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2012-0687
https://notcve.org/view.php?id=CVE-2012-0687
13 Mar 2012 — TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TI... • http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •