CVE-2018-12408 - OpenCVE

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Activematrix Businessworks Activematrix Businessworks Distribution For Tibco Silver Fabric

Configuration 1 [-]

OR	cpe:2.3:a:tibco:activematrix_businessworks::::::::
	cpe:2.3:a:tibco:activematrix_businessworks::::::linux::*
	cpe:2.3:a:tibco:activematrix_businessworks_distribution_for_tibco_silver_fabric::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105043
http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2018/08/tibco-security-advisory-august-7-2018-tibco-activematrix-businessworks

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2018-08-08T14:00:00Z

Updated: 2024-09-17T02:56:30.441Z

Reserved: 2018-06-14T00:00:00

Link: CVE-2018-12408

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-08T14:29:00.317

Modified: 2019-10-09T23:33:55.793

Link: CVE-2018-12408

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object