Vulnerabilities > Tibco

DATE | CVE | VULNERABILITY TITLE | RISK

2023-11-14 | CVE-2023-26222 | Cross-site Scripting vulnerability in Tibco EBX | 5.4
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system.
network | low complexity | tibco | CWE-79

2023-11-08 | CVE-2023-26221 | Insufficiently Protected Credentials vulnerability in Tibco products | 3.9
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files.
local | low complexity | tibco | CWE-522

2023-10-25 | CVE-2023-26219 | Use of Hard-coded Credentials vulnerability in Tibco products | 8.8
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers.
network | low complexity | tibco | CWE-798

2023-10-10 | CVE-2023-26220 | Cross-site Scripting vulnerability in Tibco Spotfire Analyst and Spotfire Server | 5.4
The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system.
network | low complexity | tibco | CWE-79

2023-09-29 | CVE-2023-26218 | Cross-site Scripting vulnerability in Tibco Nimbus | critical 9.0
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system.
network | low complexity | tibco | CWE-79

2023-07-19 | CVE-2023-26217 | SQL Injection vulnerability in Tibco EBX Add-Ons | 8.8
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system.
network | low complexity | tibco | CWE-89

2023-05-25 | CVE-2023-26215 | Path Traversal vulnerability in Tibco EBX Add-Ons | 6.5
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server.
network | low complexity | tibco | CWE-22

2023-05-25 | CVE-2023-26216 | Path Traversal vulnerability in Tibco EBX Add-Ons | 7.2
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server.
network | low complexity | tibco | CWE-22

2023-04-26 | CVE-2023-29268 | Unrestricted Upload of File with Dangerous Type vulnerability in Tibco Spotfire Statistics Services | critical 9.8
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system.
network | low complexity | tibco | CWE-434

2023-02-22 | CVE-2022-41565 | Cross-site Scripting vulnerability in Tibco products | 5.4
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system.
network | low complexity | tibco | CWE-79