Refine your search
1 vulnerability found for Enterprise Administrator by Tibco
CVE-2026-3912 (GCVE-0-2026-3912)
Vulnerability from cvelistv5
Published
2026-03-24 20:44
Modified
2026-03-25 13:33
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Tibco | ActiveMatrix BusinessWorks |
Version: 6.12.0 Version: 6.11.0 Version: 6.10.0 Version: 6.9.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:33:20.540890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:33:23.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ActiveMatrix BusinessWorks",
"vendor": "Tibco",
"versions": [
{
"lessThan": "HF1",
"status": "affected",
"version": "6.12.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF4",
"status": "affected",
"version": "6.11.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF6",
"status": "affected",
"version": "6.10.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF8",
"status": "affected",
"version": "6.9.1",
"versionType": "Hotfix"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Administrator",
"vendor": "Tibco",
"versions": [
{
"lessThan": "HF2",
"status": "affected",
"version": "2.4.3",
"versionType": "Hotfix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan\u003eInjection vulnerabilities due to validation/sanitisation of user-supplied input in\u0026nbsp;ActiveMatrix BusinessWorks and\u0026nbsp;Enterprise Administrator allows\u0026nbsp;information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "Injection vulnerabilities due to validation/sanitisation of user-supplied input in\u00a0ActiveMatrix BusinessWorks and\u00a0Enterprise Administrator allows\u00a0information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T20:44:06.781Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-24-2026-tibco-activematrix-businessworks-cve-2026-3912-r227/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO ActiveMatrix BusinessWorks Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2026-3912",
"datePublished": "2026-03-24T20:44:06.781Z",
"dateReserved": "2026-03-11T04:50:22.400Z",
"dateUpdated": "2026-03-25T13:33:23.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}