What is the severity of CVE-2019-8995?

CVE-2019-8995 is classified as a high-severity vulnerability due to the potential for exploitation by malicious URLs.

What products are affected by CVE-2019-8995?

CVE-2019-8995 affects TIBCO ActiveMatrix BPM versions up to 4.2.0 and TIBCO Silver Fabric Enabler versions up to 1.4.1.

How do I fix CVE-2019-8995?

To mitigate CVE-2019-8995, update TIBCO ActiveMatrix BPM to a version beyond 4.2.0 or apply the recommended patches from TIBCO.

What could happen if CVE-2019-8995 is exploited?

Exploitation of CVE-2019-8995 could allow attackers to execute arbitrary code via malicious URLs.

Is there a workaround for CVE-2019-8995 while I prepare to update?

While a specific workaround for CVE-2019-8995 is not provided, it is advisable to restrict access to the affected components as a temporary measure.

Vulnerability/
CVE-2019-8995

medium

6.1

CWE

601

24/4/2019

21/11/2024

CVE-2019-8995: TIBCO ActiveMatrix BPM Open Redirect Vulnerability

First published: Wed Apr 24 2019(Updated: )

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

Credit: security@tibco.com security@tibco.com

Affected Software	Affected Version	How to fix
TIBCO ActiveMatrix Business Process Management	<=4.2.0
TIBCO ActiveMatrix Business Process Management	<=4.2.0
TIBCO Silver Fabric Enabler	<=1.4.1

Remedy

TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions: TIBCO ActiveMatrix BPM versions 4.2.0 and below update to version 4.3.0 or higher TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions 4.2.0 and below update to 4.3.0 or higher TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions 1.4.1 and below update to version 1.4.2 or higher

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-8995?
CVE-2019-8995 is classified as a high-severity vulnerability due to the potential for exploitation by malicious URLs.
What products are affected by CVE-2019-8995?
CVE-2019-8995 affects TIBCO ActiveMatrix BPM versions up to 4.2.0 and TIBCO Silver Fabric Enabler versions up to 1.4.1.
How do I fix CVE-2019-8995?
To mitigate CVE-2019-8995, update TIBCO ActiveMatrix BPM to a version beyond 4.2.0 or apply the recommended patches from TIBCO.
What could happen if CVE-2019-8995 is exploited?
Exploitation of CVE-2019-8995 could allow attackers to execute arbitrary code via malicious URLs.
Is there a workaround for CVE-2019-8995 while I prepare to update?
While a specific workaround for CVE-2019-8995 is not provided, it is advisable to restrict access to the affected components as a temporary measure.

agent/type
agent/remedy
agent/references
agent/severity
agent/weakness
agent/title
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/author
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/tibco
canonical/tibco activematrix business process management
version/tibco activematrix business process management/4.2.0
canonical/tibco silver fabric enabler
version/tibco silver fabric enabler/1.4.1