{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-26215","assignerOrgId":"4f830c72-39e4-45f6-a99f-78cc01ae04db","state":"PUBLISHED","assignerShortName":"tibco","dateReserved":"2023-02-20T22:18:23.427Z","datePublished":"2023-05-25T18:41:43.701Z","dateUpdated":"2025-01-16T18:38:07.866Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unknown","product":"TIBCO EBX Add-ons","vendor":"TIBCO Software Inc.","versions":[{"lessThanOrEqual":"4.5.16","status":"affected","version":"0","versionType":"semver"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application  access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.</p>"}],"value":"The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application  access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"description":"Any application user can potentially read files that would normally only be accessible by server administrators.","lang":"en"}]}],"providerMetadata":{"orgId":"4f830c72-39e4-45f6-a99f-78cc01ae04db","shortName":"tibco","dateUpdated":"2023-05-25T18:41:43.701Z"},"references":[{"url":"https://www.tibco.com/services/support/advisories"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>TIBCO has released updated versions of the affected components which address these issues.</p><p>TIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later</p>"}],"value":"TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO EBX Add-ons versions 4.5.16 and below: update to version 4.5.17 or later\n\n"}],"source":{"discovery":"UNKNOWN"},"title":"TIBCO EBX® Add-ons Path Traversal","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T11:46:23.331Z"},"title":"CVE Program Container","references":[{"url":"https://www.tibco.com/services/support/advisories","tags":["x_transferred"]}]},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-203","lang":"en","description":"CWE-203 Observable Discrepancy"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-01-16T18:37:11.120890Z","id":"CVE-2023-26215","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-01-16T18:38:07.866Z"}}]}}