2026-03-17 18:20 | CVE-2026-3207 | tibco
PUBLISHED | 5.2 | CWE-306

TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability

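Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. The title labels this as remote code execution, whereas the description and the CWE-306 classification (missing authentication for critical function) state only unauthenticated access; the record does not say how the one leads to the other.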

Problem type

Affected products

TIBCO

TIBCO BPM Enterprise

4.3 to < 5 - AFFECTED (default status for other versions: unaffected)

References

JSON source

https://cveawg.mitre.org/api/cve/CVE-2026-3207
{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "cveMetadata": {
    "cveId": "CVE-2026-3207",
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "dateUpdated": "2026-03-17T18:49:27.505Z",
    "dateReserved": "2026-02-25T15:39:30.380Z",
    "datePublished": "2026-03-17T18:20:16.934Z",
    "state": "PUBLISHED"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco",
        "dateUpdated": "2026-03-17T18:20:16.934Z"
      },
      "title": "TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability",
      "descriptions": [
        {
          "lang": "en",
          "value": "Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.",
          "supportingMedia": [
            {
              "type": "text/html",
              "base64": false,
              "value": "Configuration issue&nbsp;in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access."
            }
          ]
        }
      ],
      "affected": [
        {
          "vendor": "TIBCO",
          "product": "TIBCO BPM Enterprise",
          "modules": [
            "Java Management Extensions (JMX)"
          ],
          "defaultStatus": "unaffected",
          "versions": [
            {
              "version": "4.3",
              "status": "affected",
              "versionType": "Patch",
              "lessThan": "5"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "CWE-306 Missing authentication for critical function",
              "cweId": "CWE-306",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        {
          "url": "https://community.tibco.com/advisories/tibco-security-advisory-march-17-2026-tibco-bpm-enterprise-cve-2026-3207-r226/"
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ]
    },
    "adp": [
      {
        "providerMetadata": {
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP",
          "dateUpdated": "2026-03-17T18:49:27.505Z"
        },
        "title": "CISA ADP Vulnrichment",
        "metrics": [
          {}
        ]
      }
    ]
  }
}