TIBCO ActiveMatrix BPM Open Redirect Vulnerability
CVE-2019-8995

4.7MEDIUM

Key Information:

Vendor
Tibco
Status
Tibco Activematrix Bpm
Tibco Activematrix Bpm Distribution For Tibco Silver Fabric
Tibco Silver Fabric Enabler For Activematrix Bpm
Vendor
CVE Published:
24 April 2019

Summary

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Affected Version(s)

TIBCO ActiveMatrix BPM <= 4.2.0

TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric <= 4.2.0

TIBCO Silver Fabric Enabler for ActiveMatrix BPM <= 1.4.1

References

http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/04/tibco-se...
x_refsource_MISC
http://www.securityfocus.com/bid/108062
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.7
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.