First published: Tue Apr 09 2019(Updated: )
The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
Credit: security@tibco.com security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO ActiveMatrix BusinessWorks | <=6.4.2 | |
<=6.4.2 |
TIBCO has released updated versions of the affected systems which address these issues. TIBCO ActiveMatrix BusinessWorks versions 6.4.2 and below update to 6.5.0 or higher.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.