Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2021-35500 Unspecified vulnerability in Tibco products
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system.
local
low complexity
tibco
2.1
2022-01-11 CVE-2021-43052 Use of Hard-coded Credentials vulnerability in Tibco FTL
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system.
network
low complexity
tibco CWE-798
5.0
2022-01-11 CVE-2021-43053 Unspecified vulnerability in Tibco FTL
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server.
network
low complexity
tibco
5.0
2022-01-11 CVE-2021-43054 Unspecified vulnerability in Tibco Eftl
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions.
network
low complexity
tibco
6.5
2022-01-11 CVE-2021-43055 Improper Privilege Management vulnerability in Tibco Eftl
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system.
network
low complexity
tibco CWE-269
6.5
2021-12-14 CVE-2021-43051 Incorrect Authorization vulnerability in Tibco Spotfire Server
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it.
network
tibco CWE-863
8.5
2021-11-16 CVE-2021-43046 Unspecified vulnerability in Tibco Partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system.
network
tibco
critical
9.3
2021-11-16 CVE-2021-43047 Cross-site Scripting vulnerability in Tibco Partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system.
network
tibco CWE-79
8.5
2021-11-16 CVE-2021-43048 Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco Partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system.
network
low complexity
tibco CWE-1021
critical
10.0
2021-10-26 CVE-2021-35499 Cross-site Scripting vulnerability in Tibco Nimbus
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system.
network
tibco CWE-79
3.5