CVE-2026-3912 | THREATINT

Description

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.

PUBLISHED Reserved 2026-03-11 | Published 2026-03-24 | Updated 2026-03-25 | Assigner tibco

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

Product status

Default status

unaffected

6.12.0 (Hotfix) before HF1

affected

6.11.0 (Hotfix) before HF4

affected

6.10.0 (Hotfix) before HF6

affected

6.9.1 (Hotfix) before HF8

affected

Default status

unaffected

2.4.3 (Hotfix) before HF2

affected

References

community.tibco.com/...rix-businessworks-cve-2026-3912-r227/

cve.org (CVE-2026-3912)

nvd.nist.gov (CVE-2026-3912)

Download JSON