CVE-2019-8995

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.

CVSS v3 6.1 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/108062	Broken Link Third Party Advisory VDB Entry
http://www.tibco.com/services/support/advisories	Vendor Advisory
https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:tibco:activematrix_bpm::::::::
	cpe:2.3:a:tibco:activematrix_bpm::::::silver_fabric::*
	cpe:2.3:a:tibco:silver_fabric_enabler::::::activematrix_bpm::*

History

14 Oct 2022, 09:35

Type	Values Removed	Values Added
References	~~(BID) http://www.securityfocus.com/bid/108062 - Third Party Advisory, VDB Entry~~	(BID) http://www.securityfocus.com/bid/108062 - Broken Link, Third Party Advisory, VDB Entry

Information

Published : 2019-04-24 21:29

Updated : 2023-12-10 12:59

NVD link : CVE-2019-8995

Mitre link : CVE-2019-8995

CVE.ORG link : CVE-2019-8995

JSON object : View

Products Affected

tibco

silver_fabric_enabler
activematrix_bpm

CWE

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

{"id": "CVE-2019-8995", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Secondary", "source": "security@tibco.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-04-24T21:29:01.523", "references": [{"url": "http://www.securityfocus.com/bid/108062", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "security@tibco.com"}, {"url": "http://www.tibco.com/services/support/advisories", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}, {"url": "https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995", "tags": ["Vendor Advisory"], "source": "security@tibco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1."}, {"lang": "es", "value": "El cliente de espacio de trabajo, el cliente de espacio abierto y el cliente de desarrollo de aplicaciones de TIBCO Software Inc. de TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric y TIBCO Silver Fabric Enabler para ActiveMatrix BPM contienen una vulnerabilidad en la que una URL maliciosa podr\u00eda enga\u00f1ar a un usuario para que visite un sitio web elegido por el atacante. Las versiones afectadas son TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versiones hasta 4.2.0 inclusive, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versiones hasta 4.2.0 inclusive, y TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versiones hasta 1.4.1 inclusive."}], "lastModified": "2022-10-14T09:35:41.853", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A533C8A0-3C54-4096-8C29-22E287CB682F", "versionEndIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:tibco:activematrix_bpm:*:*:*:*:*:silver_fabric:*:*", "vulnerable": true, "matchCriteriaId": "B01AFA33-D029-48E1-B748-0E828F13F6A7", "versionEndIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:tibco:silver_fabric_enabler:*:*:*:*:*:activematrix_bpm:*:*", "vulnerable": true, "matchCriteriaId": "85EFD5DF-F39D-4737-82A4-3E10BBF3EF2C", "versionEndIncluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security@tibco.com"}