What is the severity of CVE-2019-8994?

CVE-2019-8994 has been assessed as having a moderate severity level.

How do I fix CVE-2019-8994?

To fix CVE-2019-8994, upgrade to patched versions of TIBCO ActiveMatrix BPM or TIBCO Silver Fabric as specified in security advisories.

Who is affected by CVE-2019-8994?

Users of TIBCO ActiveMatrix BPM versions up to 4.2.0 and TIBCO Silver Fabric Enabler up to 1.4.1 are affected by CVE-2019-8994.

What are the potential impacts of CVE-2019-8994?

CVE-2019-8994 could allow an authenticated user to change critical settings, potentially leading to unauthorized system behavior.

Is there a workaround for CVE-2019-8994?

Currently, there are no documented workarounds for CVE-2019-8994, and updating to the latest version is recommended.

Vulnerability/
CVE-2019-8994

medium

5.4

24/4/2019

21/11/2024

CVE-2019-8994: TIBCO ActiveMatrix BPM Escalation of Privileges Vulnerability

First published: Wed Apr 24 2019(Updated: )

The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Credit: security@tibco.com security@tibco.com

Affected Software	Affected Version	How to fix
TIBCO ActiveMatrix Business Process Management	<=4.2.0
TIBCO ActiveMatrix Business Process Management	<=4.2.0
TIBCO Silver Fabric Enabler	<=1.4.1

Remedy

TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions: TIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-8994?
CVE-2019-8994 has been assessed as having a moderate severity level.
How do I fix CVE-2019-8994?
To fix CVE-2019-8994, upgrade to patched versions of TIBCO ActiveMatrix BPM or TIBCO Silver Fabric as specified in security advisories.
Who is affected by CVE-2019-8994?
Users of TIBCO ActiveMatrix BPM versions up to 4.2.0 and TIBCO Silver Fabric Enabler up to 1.4.1 are affected by CVE-2019-8994.
What are the potential impacts of CVE-2019-8994?
CVE-2019-8994 could allow an authenticated user to change critical settings, potentially leading to unauthorized system behavior.
Is there a workaround for CVE-2019-8994?
Currently, there are no documented workarounds for CVE-2019-8994, and updating to the latest version is recommended.

agent/type
agent/remedy
agent/references
agent/severity
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/author
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/tibco
canonical/tibco activematrix business process management
version/tibco activematrix business process management/4.2.0
canonical/tibco silver fabric enabler
version/tibco silver fabric enabler/1.4.1