Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2013-05-31 CVE-2013-3315 Permissions, Privileges, and Access Controls vulnerability in Tibco Silver Mobile 1.1.0
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors.
network
low complexity
tibco CWE-264
6.5
2013-03-15 CVE-2013-2373 Permissions, Privileges, and Access Controls vulnerability in Tibco Spotfire web Player
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
network
low complexity
tibco CWE-264
6.4
2013-03-15 CVE-2013-2372 Cross-Site Scripting vulnerability in Tibco Spotfire web Player
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tibco CWE-79
4.3
2013-03-15 CVE-2013-2371 Information Exposure vulnerability in Tibco Spotfire Statistics Services 3.3/4.5.0/5.0.0
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
network
low complexity
tibco CWE-200
5.0
2012-10-24 CVE-2012-5302 Permissions, Privileges, and Access Controls vulnerability in Tibco Formvine
The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
network
low complexity
tibco CWE-264
7.5
2012-03-13 CVE-2012-0690 Information Exposure vulnerability in Tibco products
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
network
low complexity
tibco CWE-200
5.0
2012-03-13 CVE-2012-0689 Information Exposure vulnerability in Tibco products
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors.
network
low complexity
tibco CWE-200
5.0
2012-03-13 CVE-2012-0688 Cross-Site Scripting vulnerability in Tibco products
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tibco CWE-79
4.3
2012-03-13 CVE-2012-0687 Information Exposure vulnerability in Tibco products
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL.
network
low complexity
tibco CWE-200
5.0
2011-09-19 CVE-2011-3424 Cross-Site Scripting vulnerability in Tibco products
Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors.
network
tibco
4.3