CVE-2026-3207 Java — Exploit & Vulnerability Details HIGH

Parameter	Value
CVSS	8.7 (HIGH)
Type	CWE-306 (Missing Authentication for Critical Function)
Vendor	Java
Public PoC	No

Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.

Attack Parameters

Attack Vector

Adjacent

Requires local network access

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

High

Complete data modification

Availability

High

Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-306 Missing Authentication for Critical Function

References 1

https://community.tibco.com/advisories/tibco-security-advisory-march-17-2026-ti…

security@tibco.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-25534

Io.Spinnaker.Clouddriver

9.1

CVE-2026-4285

Java

5.1

CVE-2026-4284

Java

5.1

CVE-2026-4243

Java

2.0

CVE-2026-4242

Java

2.0

Menu

CVE-2026-3207

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-25534

CVE-2026-4285

CVE-2026-4284

CVE-2026-4243

CVE-2026-4242

CVE Details

Editor's Choice

Menu

CVE-2026-3207

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-25534

CVE-2026-4285

CVE-2026-4284

CVE-2026-4243

CVE-2026-4242

CVE Details

Editor's Choice

Stay informed on cybersecurity