  • TIBCO Security Advisory: June 11, 2024 - TIBCO EBX - CVE-2024-4576


    TIBCO EBX File Inclusion Vulnerability


    Original release date: June 11, 2024
    Last revised: June 12, 2024
    CVE-2024-4576
    Source: TIBCO Software Inc.


    Products Affected

    TIBCO EBX versions 5.9.25 and below
    TIBCO EBX versions 6.1.3 HF2 and below


    Component affected:

    EBX Add-ons

    Description

    The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.


    Impact

    The impact of this vulnerability includes the theoretical possibility of an attacker accessing sensitive files that may lead to the leakage of confidential data.

    CVSS v3.1 Base Score: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)


    Solution:

    TIBCO has released updated versions of the affected systems, which address this issue:
    TIBCO EBX versions 5.9.25 and below: update to version 5.9.26 or later
    TIBCO EBX versions 6.0.x: update to version 6.1.3 HF3 or later
    TIBCO EBX versions 6.1.3 HF2 and below: update to version 6.1.3 HF3 or later

    References

    https://community.tibco.com/advisories/ 

    CVE-2024-4576

     

    Changelog

    June 11, 2024 - Initial publication

    June 11, 2024 - Updated "Products Affected" 

    June 27, 2024 - Updated "Solution" to address affected 5.9 build


