Vulnerabilities > Tibco > EBX ADD ONS > 4.4.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-19 | CVE-2023-26217 | SQL Injection vulnerability in Tibco EBX Add-Ons The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. | 8.8 |
| 2023-05-25 | CVE-2023-26215 | Path Traversal vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. | 6.5 |
| 2023-05-25 | CVE-2023-26216 | Path Traversal vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. | 7.2 |
| 2023-02-22 | CVE-2022-41566 | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. | 5.4 |
| 2022-09-21 | CVE-2022-30578 | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. | 9.0 |
| 2022-01-19 | CVE-2022-22769 | Cross-site Scripting vulnerability in Tibco EBX and EBX Add-Ons The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. | 9.0 |