Search
Find a vulnerability
Search criteria
2 vulnerabilities found for ActiveMatrix BusinessWorks by Tibco
CVE-2026-3912 (GCVE-0-2026-3912)
Vulnerability from nvd – Published: 2026-03-24 20:44 – Updated: 2026-03-25 13:33
VLAI
Title
TIBCO ActiveMatrix BusinessWorks Injection Vulnerability
Summary
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Tibco | ActiveMatrix BusinessWorks |
Affected:
6.12.0 , < HF1
(Hotfix)
Affected: 6.11.0 , < HF4 (Hotfix) Affected: 6.10.0 , < HF6 (Hotfix) Affected: 6.9.1 , < HF8 (Hotfix) |
|
| Tibco | Enterprise Administrator |
Affected:
2.4.3 , < HF2
(Hotfix)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:33:20.540890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:33:23.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ActiveMatrix BusinessWorks",
"vendor": "Tibco",
"versions": [
{
"lessThan": "HF1",
"status": "affected",
"version": "6.12.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF4",
"status": "affected",
"version": "6.11.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF6",
"status": "affected",
"version": "6.10.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF8",
"status": "affected",
"version": "6.9.1",
"versionType": "Hotfix"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Administrator",
"vendor": "Tibco",
"versions": [
{
"lessThan": "HF2",
"status": "affected",
"version": "2.4.3",
"versionType": "Hotfix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan\u003eInjection vulnerabilities due to validation/sanitisation of user-supplied input in\u0026nbsp;ActiveMatrix BusinessWorks and\u0026nbsp;Enterprise Administrator allows\u0026nbsp;information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "Injection vulnerabilities due to validation/sanitisation of user-supplied input in\u00a0ActiveMatrix BusinessWorks and\u00a0Enterprise Administrator allows\u00a0information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T20:44:06.781Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-24-2026-tibco-activematrix-businessworks-cve-2026-3912-r227/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO ActiveMatrix BusinessWorks Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2026-3912",
"datePublished": "2026-03-24T20:44:06.781Z",
"dateReserved": "2026-03-11T04:50:22.400Z",
"dateUpdated": "2026-03-25T13:33:23.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-3912 (GCVE-0-2026-3912)
Vulnerability from cvelistv5 – Published: 2026-03-24 20:44 – Updated: 2026-03-25 13:33
VLAI
Title
TIBCO ActiveMatrix BusinessWorks Injection Vulnerability
Summary
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Tibco | ActiveMatrix BusinessWorks |
Affected:
6.12.0 , < HF1
(Hotfix)
Affected: 6.11.0 , < HF4 (Hotfix) Affected: 6.10.0 , < HF6 (Hotfix) Affected: 6.9.1 , < HF8 (Hotfix) |
|
| Tibco | Enterprise Administrator |
Affected:
2.4.3 , < HF2
(Hotfix)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-3912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-25T13:33:20.540890Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-25T13:33:23.189Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ActiveMatrix BusinessWorks",
"vendor": "Tibco",
"versions": [
{
"lessThan": "HF1",
"status": "affected",
"version": "6.12.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF4",
"status": "affected",
"version": "6.11.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF6",
"status": "affected",
"version": "6.10.0",
"versionType": "Hotfix"
},
{
"lessThan": "HF8",
"status": "affected",
"version": "6.9.1",
"versionType": "Hotfix"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Enterprise Administrator",
"vendor": "Tibco",
"versions": [
{
"lessThan": "HF2",
"status": "affected",
"version": "2.4.3",
"versionType": "Hotfix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan\u003eInjection vulnerabilities due to validation/sanitisation of user-supplied input in\u0026nbsp;ActiveMatrix BusinessWorks and\u0026nbsp;Enterprise Administrator allows\u0026nbsp;information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "Injection vulnerabilities due to validation/sanitisation of user-supplied input in\u00a0ActiveMatrix BusinessWorks and\u00a0Enterprise Administrator allows\u00a0information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T20:44:06.781Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-24-2026-tibco-activematrix-businessworks-cve-2026-3912-r227/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "TIBCO ActiveMatrix BusinessWorks Injection Vulnerability",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2026-3912",
"datePublished": "2026-03-24T20:44:06.781Z",
"dateReserved": "2026-03-11T04:50:22.400Z",
"dateUpdated": "2026-03-25T13:33:23.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}