CVE-2019-8990 — Improper Authentication in Software INC Tibco Activematrix Businessworks

CWE-287 — Improper Authentication3 documents3 sources

Severity

8.1HIGHNVD

EPSS

2.1%

top 16.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Activematrix Businessworks Tibco Activematrix Businessworks

Timeline

PublishedApr 9

Latest updateMay 13

Description

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization pu…

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5tibco_software_inc/tibco_activematrix_businessworksunspecified — 6.4.2

▶NVDtibco/activematrix_businessworks6.4.2

🔴Vulnerability Details

GHSA

GHSA-6fv5-xv88-5c73: The HTTP Connector component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication↗2019-04-09

▶