CVE-2026-3912

Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.

CVSS

No CVSS.

References

Link	Resource
https://community.tibco.com/advisories/tibco-security-advisory-march-24-2026-tibco-activematrix-businessworks-cve-2026-3912-r227/

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-24 21:16

Updated : 2026-03-25 15:41

NVD link : CVE-2026-3912

Mitre link : CVE-2026-3912

CVE.ORG link : CVE-2026-3912

JSON object : View

Products Affected

No product.

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2026-3912", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security@tibco.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-24T21:16:29.440", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-march-24-2026-tibco-activematrix-businessworks-cve-2026-3912-r227/", "source": "security@tibco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Injection vulnerabilities due to validation/sanitisation of user-supplied input in\u00a0ActiveMatrix BusinessWorks and\u00a0Enterprise Administrator allows\u00a0information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour."}, {"lang": "es", "value": "Vulnerabilidades de inyecci\u00f3n debido a la validaci\u00f3n/sanitizaci\u00f3n de la entrada proporcionada por el usuario en ActiveMatrix BusinessWorks y Enterprise Administrator permite la revelaci\u00f3n de informaci\u00f3n, incluyendo la exposici\u00f3n de archivos locales accesibles y detalles del sistema anfitri\u00f3n, y puede permitir la manipulaci\u00f3n del comportamiento de la aplicaci\u00f3n."}], "lastModified": "2026-03-25T15:41:58.280", "sourceIdentifier": "security@tibco.com"}

CVE-2026-3912

JSON object

Attach tags to CVE-2026-3912

Attach tags to `CVE-2026-3912`