CVE-2019-8990

EPSS 0.94%
Published 09.04.2019 18:29:00
Last modified 21.11.2024 04:50:46
Source security@tibco.com
Teams watchlist Login
Open Login

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Tibco ≫ Activematrix Businessworks Version <= 6.4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.94%	0.74

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
security@tibco.com	9.1	3.9	5.2	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.tibco.com/services/support/advisories

Vendor Advisory

http://www.securityfocus.com/bid/107840

Third Party Advisory

Broken Link

VDB Entry

https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-8990

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-8990

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-8990

EUVD