Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2018-12-11 CVE-2018-18810 Unspecified vulnerability in Tibco products
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems.
network
low complexity
tibco
critical
9.9
2018-11-26 CVE-2018-18807 Cross-site Scripting vulnerability in Tibco Statistica Server 13.3.0/13.4.0
The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2018-11-13 CVE-2018-12416 Cross-Site Request Forgery (CSRF) vulnerability in Tibco Datasynapse Gridserver Manager
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF).
network
low complexity
tibco CWE-352
8.8
2018-11-06 CVE-2018-12415 Cross-Site Request Forgery (CSRF) vulnerability in Tibco Enterprise Message Service
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.
network
low complexity
tibco CWE-352
8.8
2018-11-06 CVE-2018-12414 Cross-Site Request Forgery (CSRF) vulnerability in Tibco products
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks.
network
low complexity
tibco CWE-352
8.8
2018-11-06 CVE-2018-12413 Cross-Site Request Forgery (CSRF) vulnerability in Tibco Messaging - Apache Kafka Distribution - Schema Repository 1.0.0
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.
network
low complexity
tibco CWE-352
8.8
2018-11-06 CVE-2018-12412 Cross-Site Request Forgery (CSRF) vulnerability in Tibco FTL
The realm server (tibrealmserver) component of TIBCO Software Inc.
network
low complexity
tibco CWE-352
8.8
2018-11-06 CVE-2018-12411 Cross-Site Request Forgery (CSRF) vulnerability in Tibco Activespaces
The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks.
network
low complexity
tibco CWE-352
8.8
2018-10-10 CVE-2018-12410 Unspecified vulnerability in Tibco Spotfire Statistics Services
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code.
network
low complexity
tibco
critical
9.8
2018-08-08 CVE-2018-12408 XXE vulnerability in Tibco products
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc.
network
low complexity
tibco CWE-611
7.5