PT-2023-5701 · Tibco · Tibco Ebx Add-Ons

Published: 2023-07-19 · Updated: 2023-07-28 · CVE-2023-26217

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

TIBCO EBX Add-ons versions 4.5.17 and below
TIBCO EBX Add-ons versions 5.6.2 and below
TIBCO EBX Add-ons version 6.1.0

Description

The vulnerability in TIBCO EBX is related to the lack of protection of the SQL query structure (SQL injection), allowing a remote attacker to execute arbitrary SQL statements on the affected system. A low-privileged user with import permissions and network access to the EBX server can exploit this issue.

Recommendations

For TIBCO EBX Add-ons versions 4.5.17 and below, update to a version above 4.5.17 to resolve the issue.
For TIBCO EBX Add-ons versions 5.6.2 and below, update to a version above 5.6.2 to resolve the issue.
For TIBCO EBX Add-ons version 6.1.0, consider disabling the import functionality for low-privileged users until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2023-06371
CVE-2023-26217

Affected Products

Tibco Ebx Add-Ons