Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2023-02-22 CVE-2022-41565 Cross-site Scripting vulnerability in Tibco products
The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system.
network
low complexity
tibco CWE-79
5.4
2023-02-22 CVE-2022-41566 Cross-site Scripting vulnerability in Tibco EBX Add-Ons
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system.
network
low complexity
tibco CWE-79
5.4
2023-02-22 CVE-2022-41567 Cross-site Scripting vulnerability in Tibco Businessconnect
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system.
network
low complexity
tibco CWE-79
5.4
2023-02-22 CVE-2023-26214 Cross-site Scripting vulnerability in Tibco Businessconnect
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system.
network
low complexity
tibco CWE-79
5.4
2023-02-14 CVE-2022-41564 Unspecified vulnerability in Tibco Hawk and Operational Intelligence Hawk Redtail
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user.
network
low complexity
tibco
6.5
2022-12-13 CVE-2022-41561 Unspecified vulnerability in Tibco Jasperreports Server 8.1.0
The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system.
network
low complexity
tibco
7.2
2022-12-13 CVE-2022-41562 Cross-site Scripting vulnerability in Tibco Jasperreports Server 8.1.0
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system.
network
low complexity
tibco CWE-79
8.4
2022-12-13 CVE-2022-41563 Cross-site Scripting vulnerability in Tibco Jasperreports Server 8.1.0
The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.
network
low complexity
tibco CWE-79
5.4
2022-12-06 CVE-2022-41559 Open Redirect vulnerability in Tibco Nimbus 10.5.0
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system.
network
low complexity
tibco CWE-601
critical
9.3
2022-12-06 CVE-2022-41560 Unspecified vulnerability in Tibco Nimbus 10.5.0
The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system.
network
low complexity
tibco
6.5