cbcvebase.
CVE-2026-3912
published 2026-03-24

CVE-2026-3912: Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information…

PriorityP350high8.7CVSS 4.0
AVNACLATNPRLUINVCHVIHVAHSCLSILSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EPSS
0.33%
25.0th percentile
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.

Affected

5 ranges
VendorProductVersion rangeFixed in
tibcoactivematrix_businessworks>= 6.10.0 < HF6HF6
tibcoactivematrix_businessworks>= 6.11.0 < HF4HF4
tibcoactivematrix_businessworks>= 6.12.0 < HF1HF1
tibcoactivematrix_businessworks>= 6.9.1 < HF8HF8
tibcoenterprise_administrator>= 2.4.3 < HF2HF2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.