Arbitrary file upload in Tibco Activematrix_bpm
CVE-2019-8992
The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Servic…
Vulnerability class: Unrestricted File Upload
EPSS: 0.022 (80.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Tibco Activematrix_bpm
- Tibco Activematrix_policy_director
- Tibco Activematrix_service_bus
- Tibco Activematrix_service_grid
- Tibco Silver_fabric_enabler
- Tibco Software Inc. Activematrix Bpm — versions unspecified
- Tibco Software Inc. Activematrix Bpm Distribution For Silver Fabric — versions unspecified
- Tibco Software Inc. Activematrix Policy Director — versions unspecified
- Tibco Software Inc. Activematrix Service Bus — versions unspecified
- Tibco Software Inc. Activematrix Service Grid — versions unspecified
Weakness classification (CWE)
References
- security@tibco.com (x_refsource_MISC, Vendor Advisory)
- security@tibco.com (x_refsource_MISC, Vendor Advisory)
- security@tibco.com (VDB Entry, Third Party Advisory, vdb-entry, Broken Link, x_refsource_BID)
Frequently asked questions
- What is CVE-2019-8992?
- CVE-2019-8992 is a high-severity vulnerability in Tibco Activematrix_bpm, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2019-04-24.
- How severe is CVE-2019-8992?
- High severity. CVSS v3 base score is 8.8 out of 10.