CVE-2026-3912

HIGH

TIBCO ActiveMatrix BusinessWorks Injection Vulnerability

Title source: cna

Description

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.

References (1)

https://community.tibco.com/advisories/tibco-security-advisory-march-24-2026-tibco-activematrix-businessworks-cve-2026-3912-r227/

Scores

CVSS v4 8.7

EPSS 0.0004

EPSS Percentile 10.5%

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-20

Status published

Products (5)

Tibco/ActiveMatrix BusinessWorks 6.10.0 - HF6

Tibco/ActiveMatrix BusinessWorks 6.11.0 - HF4

Tibco/ActiveMatrix BusinessWorks 6.12.0 - HF1

Tibco/ActiveMatrix BusinessWorks 6.9.1 - HF8

Tibco/Enterprise Administrator 2.4.3 - HF2

Published Mar 24, 2026

Tracked Since Mar 25, 2026