CVE-2026-3207

| EUVD-2026-12625 HIGH
2026-03-17 tibco
8.7
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2026-12625
CVE Published
Mar 17, 2026 - 18:20 nvd
HIGH 8.7

Tags

Java Authentication Bypass

Description

Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.

Analysis

Unauthenticated attackers can gain unauthorized access to TIBCO BPM Enterprise 4.x through a misconfigured Java Management Extensions (JMX) interface, potentially allowing full system compromise. This vulnerability affects the availability, integrity, and confidentiality of affected systems with no patch currently available.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Audit all TIBCO BPM Enterprise 4.x instances for JMX exposure and document findings; isolate affected systems from untrusted networks if possible. Within 7 days: Implement network-level controls to restrict JMX port access (default 9010) to authorized administrators only; apply WAF rules to block unauthorized JMX requests. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

44
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +44
POC: 0

Share

CVE-2026-3207 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy