Vulnerabilities > Tibco

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-12 | CVE-2020-27148 | XXE vulnerability in Tibco EBX Add-Ons. The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. [network; low complexity; tibco; CWE-611] | 5.5 |
| 2020-12-15 | CVE-2020-27147 | Improper Authentication vulnerability in Tibco Partnerexpress 6.2.0. The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. [network; low complexity; tibco; CWE-287] | 6.4 |
| 2020-11-10 | CVE-2020-27146 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Iprocess Workspace Browser. The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. [network; tibco; CWE-352] | 6.8 |
| 2020-10-20 | CVE-2020-9417 | SQL Injection vulnerability in Tibco products. The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. [network; low complexity; tibco; CWE-89] | 6.5 |
| 2020-09-15 | CVE-2020-9416 | Cross-Site Scripting vulnerability in Tibco products. The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. [network; tibco; CWE-79] | 3.5 |
| 2020-08-18 | CVE-2020-9415 | Information Exposure vulnerability in Tibco products. The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. [network; low complexity; tibco; CWE-200] | 4.0 |
| 2020-08-11 | CVE-2019-17339 | Unspecified vulnerability in Tibco Silver Fabric. The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. [network; tibco] | 5.8 |
| 2020-06-30 | CVE-2020-9414 | Cross-Site Scripting vulnerability in Tibco products. The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. [network; low complexity; tibco; CWE-79] | critical 9.0 |
| 2020-06-30 | CVE-2020-9413 | Cross-Site Scripting vulnerability in Tibco products. The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft a URL that will execute arbitrary commands on the affected system. [network; tibco; CWE-79] | critical 9.3 |
| 2020-06-09 | CVE-2020-9412 | Improper Input Validation vulnerability in Tibco Managed File Transfer Platform Server 7.1.0/8.0.0. The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. [network; low complexity; tibco; CWE-20] | critical 10.0 |