Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2018-08-08 CVE-2018-12408 XXE vulnerability in Tibco products
The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc.
network
low complexity
tibco CWE-611
5.0
2018-07-24 CVE-2017-3181 SQL Injection vulnerability in Tibco products
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.
network
low complexity
tibco CWE-89
7.5
2018-07-24 CVE-2017-3180 Cross-site Scripting vulnerability in Tibco products
Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
network
tibco CWE-79
3.5
2018-06-27 CVE-2018-5437 Unspecified vulnerability in Tibco products
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure.
network
low complexity
tibco
4.0
2018-06-27 CVE-2018-5436 Information Exposure vulnerability in Tibco products
The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials.
network
low complexity
tibco CWE-200
4.0
2018-06-27 CVE-2018-5435 Unspecified vulnerability in Tibco products
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution.
network
low complexity
tibco
critical
10.0
2018-06-20 CVE-2018-5428 Command Injection vulnerability in Tibco Data Virtualization 7.0.5/7.0.6
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution.
network
low complexity
tibco CWE-77
critical
9.0
2018-06-13 CVE-2018-5434 XXE vulnerability in Tibco Runtime Agent
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.8
2018-06-13 CVE-2018-5433 XXE vulnerability in Tibco Administrator
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.8
2018-06-13 CVE-2018-5432 Cross-site Scripting vulnerability in Tibco Administrator
The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them.
network
tibco CWE-79
3.5