The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.
An application administrator without access to the underlying server could upload files that may be evaluated by the web server allowing them to perform actions with the privileges of the web server.
Type: N/A
CWE ID: N/A
Description: An application administrator without access to the underlying server could upload files that may be evaluated by the web server allowing them to perform actions with the privileges of the web server.
Metrics
Version
Base score
Base severity
Vector
3.1
9.1
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Version:3.1
Base score:9.1
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC ID
Description
Solutions
TIBCO has released updated versions of the affected components which address these issues.
TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later