Vulnerabilities > Tibco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-01-07 | CVE-2010-4498 | Input Validation vulnerability in TIBCO Unspecified vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | 7.5 |
| 2011-01-07 | CVE-2010-4497 | Cross-Site Scripting vulnerability in Tibco Activecatalog and Collaborative Information Manager Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-01-07 | CVE-2010-4496 | SQL Injection vulnerability in Tibco Activecatalog and Collaborative Information Manager Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-12-17 | CVE-2010-4495 | Remote Code Execution vulnerability in TIBCO ActiveMatrix Products Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. | 9.0 |
| 2010-10-26 | CVE-2010-3491 | Improper Input Validation vulnerability in Tibco products The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors. | 10.0 |
| 2010-02-25 | CVE-2010-0683 | Unspecified vulnerability in Tibco Administrator 5.4.0/5.6.0 Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials. network tibco | 6.0 |
| 2010-01-14 | CVE-2010-0184 | Permissions, Privileges, and Access Controls vulnerability in Tibco Runtime Agent The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors. | 7.2 |
| 2009-04-30 | CVE-2009-1291 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd. | 10.0 |
| 2008-08-13 | CVE-2008-3338 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. | 10.0 |
| 2008-04-11 | CVE-2008-1704 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco Enterprise Message Service and Iprocess Engine Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server. | 10.0 |