TIBCO EBX Add-ons Path Traversal
Original release date: May 25, 2023
Last revised: ---
Source: TIBCO SoftwareInc.
TIBCO EBX Add-ons versions 4.5.16 and below
The following component is affected:
The component listed above contains an exploitable vulnerability that allows
an attacker to upload files to a directory accessible by the web server.
An application administrator without access to the underlying server could
upload files that may be evaluated by the web server allowing them to perform
actions with the privileges of the web server.
CVSS v3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
TIBCO has released updated versions of the affected systems which address this
TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or