First published: Tue Apr 09 2019
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO ActiveMatrix BusinessWorks | <=6.4.2 |
TIBCO has released updated versions of the affected systems which address these issues. For TIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below, update to 6.5.0 or higher.