The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107840 | Broken Link Third Party Advisory VDB Entry |
http://www.tibco.com/services/support/advisories | Vendor Advisory |
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks | Vendor Advisory |
http://www.securityfocus.com/bid/107840 | Broken Link Third Party Advisory VDB Entry |
http://www.tibco.com/services/support/advisories | Vendor Advisory |
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks | Vendor Advisory |
Configurations
History
21 Nov 2024, 04:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.securityfocus.com/bid/107840 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.tibco.com/services/support/advisories - Vendor Advisory | |
References | () https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks - Vendor Advisory |
Information
Published : 2019-04-09 18:29
Updated : 2024-11-21 04:50
NVD link : CVE-2019-8990
Mitre link : CVE-2019-8990
CVE.ORG link : CVE-2019-8990
JSON object : View
Products Affected
tibco
- activematrix_businessworks
CWE
CWE-287
Improper Authentication