CVE-2018-12408 — XML External Entity (XXE) Injection in Software INC Tibco Activematrix Businessworks

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 49.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Activematrix Businessworks Tibco Software INC Tibco Activematrix Businessworks Distribution FOR Tibco Silver Fabric Tibco Software INC Tibco Activematrix Businessworks FOR Z Linux +2 more

Timeline

PublishedAug 8

Latest updateMay 13

Description

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and in…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5tibco_software_inc/tibco_activematrix_businessworks_distribution_for_tibco_silver_fabricunspecified — 5.13.0

▶CVEListV5tibco_software_inc/tibco_activematrix_businessworks_for_z_linuxunspecified — 5.13.0

▶NVDtibco/activematrix_businessworks_distribution5.13.0

▶CVEListV5tibco_software_inc/tibco_activematrix_businessworksunspecified — 5.13.0

▶NVDtibco/activematrix_businessworks5.13.0

🔴Vulnerability Details

GHSA

GHSA-x752-5hrq-8pgc: The BusinessWorks engine component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability↗2018-08-08

▶