Vulnerability Details CVE-2020-27148
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.5%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 5.5
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx
- https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx
- https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons
Products affected by CVE-2020-27148
-
cpe:2.3:a:tibco:ebx_add-ons:-
-
cpe:2.3:a:tibco:ebx_add-ons:3.20.13
-
cpe:2.3:a:tibco:ebx_add-ons:3.20.19
-
cpe:2.3:a:tibco:ebx_add-ons:4.1.0
-
cpe:2.3:a:tibco:ebx_add-ons:4.2.0
-
cpe:2.3:a:tibco:ebx_add-ons:4.2.1
-
cpe:2.3:a:tibco:ebx_add-ons:4.2.2
-
cpe:2.3:a:tibco:ebx_add-ons:4.3.0
-
cpe:2.3:a:tibco:ebx_add-ons:4.3.1
-
cpe:2.3:a:tibco:ebx_add-ons:4.3.2
-
cpe:2.3:a:tibco:ebx_add-ons:4.3.3
-
cpe:2.3:a:tibco:ebx_add-ons:4.3.4
-
cpe:2.3:a:tibco:ebx_add-ons:4.4.0
-
cpe:2.3:a:tibco:ebx_add-ons:4.4.1
-
cpe:2.3:a:tibco:ebx_add-ons:4.4.2