CVE-2026-3912

Summary

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.

Affected Software

VendorProductVersion RangeStatus
TibcoActiveMatrix BusinessWorks6.12.0 < HF1affected
TibcoActiveMatrix BusinessWorks6.11.0 < HF4affected
TibcoActiveMatrix BusinessWorks6.10.0 < HF6affected
TibcoActiveMatrix BusinessWorks6.9.1 < HF8affected
TibcoEnterprise Administrator2.4.3 < HF2affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References