CVE-2020-27148

Published: Jan 12, 2021Modified: Nov 21, 2024

7.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Exploitability: 2.8 / Impact: 4.2

Source: NVD

Description

The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.

Affected (1)

Products: Tibco: Ebx Add Ons

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tibco Ebx Add Ons	Up to 4.4.2

Related CWEs

Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References (6)

http://www.tibco.com/services/support/advisories

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx

Source: security@tibco.com

Vendor Advisory

https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons

Source: security@tibco.com

Vendor Advisory

http://www.tibco.com/services/support/advisories

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.