TIBCO EBX Add-ons SQL Injection Vulnerability
CVE-2023-26217
8.8 HIGH
Key Information:
- Vendor: TIBCO Software Inc.
- Status
- TIBCO EBX Add-ons
- CVE Published: 19 July 2023
Summary
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.
Affected Version(s)
TIBCO EBX Add-ons 0 <= 4.5.17
TIBCO EBX Add-ons 0 <= 5.6.2
TIBCO EBX Add-ons 6.1.0
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Collectors
NVD Database, Mitre Database