CVE-2019-8990

The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 6.4.2.
Configurations

Configuration 1 (hide)

cpe:2.3:a:tibco:activematrix_businessworks:*:*:*:*:*:*:*:*

History

21 Nov 2024, 04:50

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/107840 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/107840 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.tibco.com/services/support/advisories - Vendor Advisory () http://www.tibco.com/services/support/advisories - Vendor Advisory
References () https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks - Vendor Advisory () https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-9-2019-tibco-activematrix-businessworks - Vendor Advisory

Information

Published : 2019-04-09 18:29

Updated : 2024-11-21 04:50


NVD link : CVE-2019-8990

Mitre link : CVE-2019-8990

CVE.ORG link : CVE-2019-8990


JSON object : View

Products Affected

tibco

  • activematrix_businessworks
CWE
CWE-287

Improper Authentication