TIBCO EBX Add-ons Arbitrary File Write
CVE-2023-26216

9.1CRITICAL

Key Information:

Vendor
Tibco
Status
Tibco Ebx Add-ons
Vendor
CVE Published:
25 May 2023

Summary

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons is affected by a file upload vulnerability, permitting unauthorized attackers to upload files to a directory that is accessible by the web server. This flaw is present in TIBCO EBX Add-ons versions 4.5.16 and earlier, allowing for potential exploitation that can lead to more severe security incidents.

Affected Version(s)

TIBCO EBX Add-ons 0 <= 4.5.16

References

https://www.tibco.com/services/support/advisories

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.