Vulnerabilities > Tibco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2021-35500 | Unspecified vulnerability in Tibco products The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. | 2.1 |
| 2022-01-11 | CVE-2021-43052 | Use of Hard-coded Credentials vulnerability in Tibco FTL The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. | 5.0 |
| 2022-01-11 | CVE-2021-43053 | Unspecified vulnerability in Tibco FTL The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. | 5.0 |
| 2022-01-11 | CVE-2021-43054 | Unspecified vulnerability in Tibco Eftl The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. | 6.5 |
| 2022-01-11 | CVE-2021-43055 | Improper Privilege Management vulnerability in Tibco Eftl The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. | 6.5 |
| 2021-12-14 | CVE-2021-43051 | Incorrect Authorization vulnerability in Tibco Spotfire Server The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. | 8.5 |
| 2021-11-16 | CVE-2021-43046 | Unspecified vulnerability in Tibco Partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. | 9.3 |
| 2021-11-16 | CVE-2021-43047 | Cross-site Scripting vulnerability in Tibco Partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. | 8.5 |
| 2021-11-16 | CVE-2021-43048 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco Partnerexpress The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. | 10.0 |
| 2021-10-26 | CVE-2021-35499 | Cross-site Scripting vulnerability in Tibco Nimbus The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. | 3.5 |