CVE-2018-12408— TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability

TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.

N/A

N/A

TIBCO ActiveMatrix BusinessWorks BusinessWorks engine组件安全漏洞

TIBCO ActiveMatrix BusinessWorks是美国TIBCO软件公司的一套基于业界标准的解决方案。该产品能够与其他ActiveMatrix产品共融，支持用户进行服务创建、编制和整合等。BusinessWorks engine是其中的一个工作流程自动化引擎。 TIBCO ActiveMatrix BusinessWorks中的BusinessWorks engine组件存在XML外部实体注入漏洞。攻击者可利用该漏洞泄露BusinessWorks引擎可访问的文件内容。以下版本受到影响：TI

N/A

N/A