TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability

The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0.

N/A

N/A

TIBCO ActiveMatrix BusinessWorks BusinessWorks engine组件安全漏洞

TIBCO ActiveMatrix BusinessWorks是美国TIBCO软件公司的一套基于业界标准的解决方案。该产品能够与其他ActiveMatrix产品共融，支持用户进行服务创建、编制和整合等。BusinessWorks engine是其中的一个工作流程自动化引擎。 TIBCO ActiveMatrix BusinessWorks中的BusinessWorks engine组件存在XML外部实体注入漏洞。攻击者可利用该漏洞泄露BusinessWorks引擎可访问的文件内容。以下版本受到影响：TI

N/A

N/A