CVE-2020-27148

Name: CVE-2020-27148
Creator: NVD / NIST
Published: 2021-01-12T18:15:13.033+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 1.05%

Last modified Jun 17, 2026

CVE-2020-27148 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.. EPSS estimates a 1.05% chance of exploitation in the next 30 days.

Description

The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

EPSS Probability

1.05%

60.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-611

Affected Software

Vendor	Product	Versions
Tibco	Ebx Add-Ons	<= 4.4.2

References

http://www.tibco.com/services/support/advisoriesVendor Advisory
https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebxVendor Advisory
https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-onsVendor Advisory
http://www.tibco.com/services/support/advisoriesVendor Advisory
https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebxVendor Advisory
https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-onsVendor Advisory

Timeline

Published: Jan 12, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-27148?

How severe is CVE-2020-27148?

CVE-2020-27148 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 1.05% probability of exploitation in the next 30 days.

How do I fix CVE-2020-27148?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-27148?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST