CVE-2023-26217 HIGH

CVE-2023-26217: TIBCO EBX Add-ons SQL Injection Vulnerability

Vendor: Tibco Software Inc.
Product: TIBCO EBX Add-ons
Weakness: CWE-89 · SQLi
Published: July 19, 2023
Last update: October 24, 2024

CVSS base score

8.8/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.

Key dates

02 Disclosure timeline

July 19, 2023: CVE published
October 24, 2024: Record updated