CVE-2020-27148
HIGHTIBCO EBX Add-ons < 4.4.2 - XML External Entity Injection
Title source: llmDescription
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.tibco.com/services/support/advisories
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx
Vendor Advisory x_refsource_confirm
https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons
Scores
CVSS v3
7.1
EPSS
0.0057
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
Details
CWE
CWE-611
Status
published
Products (1)
tibco/ebx_add-ons
< 4.4.2
Published
Jan 12, 2021
Tracked Since
Feb 18, 2026