CVE-2019-8992

Name of the Vulnerable Software and Affected Versions TIBCO ActiveMatrix BPM versions up to and including 4.2.0 TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0 TIBCO ActiveMatrix Policy Director versions up to and including 1.1.0 TIBCO ActiveMatrix Service Bus versions up to and including 3.3.0 TIBCO ActiveMatrix Service Grid versions up to and including 3.3.1 TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions up to and including 3.3.0 TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1 TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions up to and including 1.3.1

Description The administrative server component of TIBCO Software Inc.'s products contains a vulnerability that allows a user without privileges to upload distributed application archives and potentially execute arbitrary code on ActiveMatrix Service Grid nodes.

Recommendations For TIBCO ActiveMatrix BPM versions up to and including 4.2.0, update to a version later than 4.2.0. For TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0, update to a version later than 4.2.0. For TIBCO ActiveMatrix Policy Director versions up to and including 1.1.0, update to a version later than 1.1.0. For TIBCO ActiveMatrix Service Bus versions up to and including 3.3.0, update to a version later than 3.3.0. For TIBCO ActiveMatrix Service Grid versions up to and including 3.3.1, update to a version later than 3.3.1. For TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions up to and including 3.3.0, update to a version later than 3.3.0. For TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1, update to a version later than 1.4.1. For TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions up to and including 1.3.1, update to a version later than 1.3.1.