CVE-2023-26216 Vulnerability Details

  /     /     /  

CVE-2023-26216 Metadata Quick Info

CVE Published: 25/05/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: tibco | Vendor: TIBCO Software Inc. | Product: TIBCO EBX Add-ons
Status : PUBLISHED

CVE-2023-26216 Description

The server component of TIBCO Software Inc.\'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.\'s TIBCO EBX Add-ons: versions 4.5.16 and below.

Metrics

CVSS Version: 3.1 | Base Score: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: An application administrator without access to the underlying server could upload files that may be evaluated by the web server allowing them to perform actions with the privileges of the web server.
Source: TIBCO Software Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-26216 Vulnerability Details