Auth bypass in TIBCO ActiveMatrix BPM
CVE-2019-8993
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Se…
Vulnerability class: Broken Authentication
EPSS: 0.025 (82.9th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Tibco Activematrix_bpm
- Tibco Activematrix_policy_director
- Tibco Activematrix_service_bus
- Tibco Activematrix_service_grid
- Tibco Silver_fabric_enabler
- Tibco Software Inc. Activematrix Bpm — versions unspecified
- Tibco Software Inc. Activematrix Bpm Distribution For Silver Fabric — versions unspecified
- Tibco Software Inc. Activematrix Policy Director — versions unspecified
- Tibco Software Inc. Activematrix Service Bus — versions unspecified
- Tibco Software Inc. Activematrix Service Grid — versions unspecified
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2019-8993?
  CVE-2019-8993 is a critical-severity vulnerability in TIBCO ActiveMatrix BPM, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2019-04-24.
- How severe is CVE-2019-8993?
  Critical severity. CVSS v3 base score is 9.8 out of 10.