Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2020-05-20 CVE-2020-9409 Incorrect Default Permissions vulnerability in multiple products
The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems.
network
low complexity
tibco oracle CWE-276
critical
9.8
2020-03-11 CVE-2020-9408 Incorrect Default Permissions vulnerability in Tibco products
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted.
network
low complexity
tibco CWE-276
8.8
2020-02-19 CVE-2019-17333 Cross-site Scripting vulnerability in Tibco EBX
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2020-01-28 CVE-2019-17338 Cross-site Scripting vulnerability in Tibco Patterns - Search
The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2019-12-17 CVE-2019-17337 Cross-site Scripting vulnerability in Tibco products
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack.
network
low complexity
tibco CWE-79
5.4
2019-12-17 CVE-2019-17336 Unspecified vulnerability in Tibco products
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources.
network
low complexity
tibco
6.5
2019-12-17 CVE-2019-17335 Unspecified vulnerability in Tibco products
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to.
network
low complexity
tibco
6.5
2019-12-17 CVE-2019-17334 Incorrect Default Permissions vulnerability in Tibco products
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system.
network
low complexity
tibco CWE-276
8.0
2019-11-12 CVE-2019-17332 Cross-site Scripting vulnerability in Tibco EBX Add-Ons
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2019-11-12 CVE-2019-17331 Cross-site Scripting vulnerability in Tibco EBX Add-Ons 3.20.13/4.1.0
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4