CVE-2019-8993

Name of the Vulnerable Software and Affected Versions TIBCO ActiveMatrix BPM versions up to and including 4.2.0 TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0 TIBCO ActiveMatrix Policy Director versions up to and including 1.1.0 TIBCO ActiveMatrix Service Bus versions up to and including 3.3.0 TIBCO ActiveMatrix Service Grid versions up to and including 3.3.1 TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions up to and including 3.3.0 TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1 TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions up to and including 1.3.1

Description The administrative web server component of the affected TIBCO software products contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information.

Recommendations For TIBCO ActiveMatrix BPM versions up to and including 4.2.0, update to a version later than 4.2.0. For TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric versions up to and including 4.2.0, update to a version later than 4.2.0. For TIBCO ActiveMatrix Policy Director versions up to and including 1.1.0, update to a version later than 1.1.0. For TIBCO ActiveMatrix Service Bus versions up to and including 3.3.0, update to a version later than 3.3.0. For TIBCO ActiveMatrix Service Grid versions up to and including 3.3.1, update to a version later than 3.3.1. For TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric versions up to and including 3.3.0, update to a version later than 3.3.0. For TIBCO Silver Fabric Enabler for ActiveMatrix BPM versions up to and including 1.4.1, update to a version later than 1.4.1. For TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid versions up to and including 1.3.1, update to a version later than 1.3.1.