TIBCO ActiveMatrix BusinessWorks and Enterprise Administrator Injection Vulnerability Allowing Information Disclosure

Vulnerability

Injection vulnerabilities have been identified in TIBCO ActiveMatrix BusinessWorks 6.x and TIBCO Enterprise Administrator 2.4.3. These vulnerabilities arise from inadequate validation and sanitization of user-supplied input, potentially allowing a malicious authenticated user to inject crafted data that is processed unsafely by the application. This could lead to unintended behavior, including the disclosure of accessible local files and host system details.

Impact

Exploitation of these vulnerabilities could result in unauthorized information disclosure, including local file access and exposure of host system details, and may allow manipulation of application behavior.

Remediation

TIBCO has released patches for these vulnerabilities in TIBCO ActiveMatrix BusinessWorks versions 6.12.0 HF1, 6.11.0 HF4, 6.10.0 HF6, and 6.9.1 HF8, and in TIBCO Enterprise Administrator 2.4.3 HF2.

Added: Mar 24, 2026, 9:22 PM
Updated: Mar 24, 2026, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.3
exploitability: 3.5
remediation: 7.7
relevance: 4.6
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.