CVE-2023-26216

Summary

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO EBX Add-ons0 <= 4.5.16affected

Weaknesses

  • An application administrator without access to the underlying server could upload files that may be evaluated by the web server allowing them to perform actions with the privileges of the web server.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References