TIBCO EBX EXML External Entity
CVE-2020-27148

7.1HIGH

Key Information:

Vendor: Tibco
Status: Tibco Ebx Add-ons
Vendor: CVE Published:; 12 January 2021

What is CVE-2020-27148?

The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.

Affected Version(s)

TIBCO EBX Add-ons <= 4.4.2

References

http://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2021/01/tibco-se...

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2021/01/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 12, 2021
Vulnerability Reserved
Oct 14, 2020

Tibco

What is CVE-2020-27148?

Affected Version(s)

References

CVSS V3.1

Timeline