CVE-2023-26217

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 19, 2023

Updated: Jul 28, 2023

CWE ID 89

Summary

CVE-2023-26217 is a vulnerability affecting the Data Exchange Add-on component of TIBCO EBX Add-ons. This issue permits a low-privileged user with import permissions and network access to execute arbitrary SQL statements on the affected system. Impacted versions include TIBCO EBX Add-ons 4.5.17 and below, 5.6.2 and below, and 6.1.0. A successful exploit could lead to unauthorized data access or manipulation, posing a significant risk to organizational security. Users are advised to update their software to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Tibco Ebx Add-ons

Affected Vendors

TIBCO Software Corporation

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sCfDd7
https://www.cve.org/CVERecord?id=CVE-2023-26217
https://nvd.nist.gov/vuln/detail/CVE-2023-26217

Back to Vulnerability Database