TIBCO EBX® Add-ons Path Traversal
CVE-2023-26215

6.5MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Ebx Add-ons
Vendor: CVE Published:; 25 May 2023

Summary

The server component of TIBCO EBX Add-ons by TIBCO Software Inc. contains a weakness that enables attackers with minimal application privileges to access and read sensitive system files that are within the reach of the web server. This vulnerability affects versions 4.5.16 and earlier, posing a risk of unauthorized information disclosure, which could lead to further exploitation if sensitive data is disclosed.

Affected Version(s)

TIBCO EBX Add-ons 0 <= 4.5.16

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 25, 2023
Vulnerability Reserved
Feb 20, 2023