Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2019-11-12 CVE-2019-17331 Cross-site Scripting vulnerability in Tibco EBX Add-Ons 3.20.13/4.1.0
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.
network
tibco CWE-79
3.5
2019-11-12 CVE-2019-17330 Cross-site Scripting vulnerability in Tibco EBX
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks.
network
tibco CWE-79
4.3
2019-10-09 CVE-2019-11212 Cross-site Scripting vulnerability in Tibco Master Data Management
The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks.
network
tibco CWE-79
3.5
2019-09-18 CVE-2019-11211 Unspecified vulnerability in Tibco products
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances.
network
low complexity
tibco
critical
9.0
2019-09-18 CVE-2019-11210 Unspecified vulnerability in Tibco products
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component.
network
low complexity
tibco
critical
10.0
2019-08-20 CVE-2019-11209 Unspecified vulnerability in Tibco FTL 6.0.0/6.0.1/6.1.0
The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls.
network
low complexity
tibco
6.5
2019-08-13 CVE-2019-11207 Cross-Site Request Forgery (CSRF) vulnerability in Tibco products
The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks.
network
tibco CWE-352
6.8
2019-08-08 CVE-2019-11208 Unspecified vulnerability in Tibco API Exchange Gateway
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes.
network
low complexity
tibco
6.5
2019-08-05 CVE-2019-3800 Information Exposure vulnerability in multiple products
CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag.
2.1
2019-05-14 CVE-2019-11206 Unspecified vulnerability in Tibco products
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks.
network
low complexity
tibco
5.3