TIBCO ActiveMatrix BPM Escalation of Privileges Vulnerability
CVE-2019-8994

5.4MEDIUM

Key Information:

Vendor

Tibco
Status
Tibco Activematrix Bpm
Tibco Activematrix Bpm Distribution For Tibco Silver Fabric
Tibco Silver Fabric Enabler For Activematrix Bpm
Vendor
CVE Published:
24 April 2019

What is CVE-2019-8994?

The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

TIBCO ActiveMatrix BPM <= 4.2.0

TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric <= 4.2.0

TIBCO Silver Fabric Enabler for ActiveMatrix BPM <= 1.4.1

References

http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/04/tibco-se...
x_refsource_MISC
http://www.securityfocus.com/bid/108060
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.