CVE-2026-3912
published 2026-03-24CVE-2026-3912: Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information…
PriorityP350high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCLSILSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.33%
25.0th percentile
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tibco | activematrix_businessworks | >= 6.10.0 < HF6 | HF6 |
| tibco | activematrix_businessworks | >= 6.11.0 < HF4 | HF4 |
| tibco | activematrix_businessworks | >= 6.12.0 < HF1 | HF1 |
| tibco | activematrix_businessworks | >= 6.9.1 < HF8 | HF8 |
| tibco | enterprise_administrator | >= 2.4.3 < HF2 | HF2 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-03-24
Published