Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2018-05-01 CVE-2017-5535 Inadequate Encryption Strength vulnerability in Tibco Datasynapse Gridserver Manager
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc.
high complexity
tibco CWE-326
6.8
2018-04-17 CVE-2018-5431 Cross-site Scripting vulnerability in Tibco products
The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2018-04-17 CVE-2018-5430 Path Traversal vulnerability in Tibco products
The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.
network
low complexity
tibco CWE-22
8.8
2018-04-17 CVE-2018-5429 Unspecified vulnerability in Tibco products
A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution.
network
low complexity
tibco
8.8
2017-12-13 CVE-2017-5534 Unspecified vulnerability in Tibco Tibbr
The tibbr user profiles components of tibbr Community and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component.
network
low complexity
tibco
8.8
2017-12-13 CVE-2017-5530 Unspecified vulnerability in Tibco Tibbr
The tibbr web server components of tibbr Community and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges.
network
low complexity
tibco
8.1
2017-12-11 CVE-2017-16789 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.
network
low complexity
integrationmatters tibco CWE-79
4.8
2017-11-15 CVE-2017-5533 Unspecified vulnerability in Tibco products
The server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files.
network
low complexity
tibco
critical
9.8
2017-11-15 CVE-2017-5532 Cross-site Scripting vulnerability in Tibco products
A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2017-10-17 CVE-2017-5531 Unspecified vulnerability in Tibco products
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.
network
low complexity
tibco
8.8