Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2019-03-26 CVE-2019-8987 Cross-site Scripting vulnerability in Tibco Data Science for AWS and Spotfire Data Science
The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users.
network
low complexity
tibco CWE-79
5.4
2019-03-07 CVE-2019-8986 Unspecified vulnerability in Tibco Jasperreports Server
The SOAP API component vulnerability of TIBCO Software Inc.'s TIBCO JasperReports Server, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that may allow a malicious authenticated user to copy text files from the host operating system.
network
low complexity
tibco
7.7
2019-03-07 CVE-2018-18816 Cross-site Scripting vulnerability in Tibco products
The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability.
network
low complexity
tibco CWE-79
5.4
2019-03-07 CVE-2018-18815 Incorrect Authorization vulnerability in Tibco products
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability that theoretically allows unauthenticated users to bypass authorization checks for portions of the HTTP interface to the JasperReports Server.
network
low complexity
tibco CWE-863
critical
9.8
2019-03-07 CVE-2018-18809 Path Traversal vulnerability in Tibco products
The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
network
low complexity
tibco CWE-22
6.5
2019-03-07 CVE-2018-18808 Race Condition vulnerability in Tibco products
The domain management component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a race-condition vulnerability that may allow any users with domain save privileges to gain superuser privileges.
network
high complexity
tibco CWE-362
7.5
2019-02-13 CVE-2018-12409 Cross-site Scripting vulnerability in Tibco Silver Fabric
The SOAP Admin API component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that may allow reflected cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
6.1
2019-01-16 CVE-2018-18814 Improper Authentication vulnerability in Tibco products
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms.
network
low complexity
tibco CWE-287
critical
9.8
2019-01-16 CVE-2018-18813 Cross-site Scripting vulnerability in Tibco products
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks.
network
low complexity
tibco CWE-79
6.1
2019-01-16 CVE-2018-18812 Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage.
network
high complexity
tibco CWE-732
5.3