Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2011-01-07 CVE-2010-4497 Cross-Site Scripting vulnerability in Tibco Activecatalog and Collaborative Information Manager
Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
tibco CWE-79
4.3
2011-01-07 CVE-2010-4496 SQL Injection vulnerability in Tibco Activecatalog and Collaborative Information Manager
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
tibco CWE-89
7.5
2010-12-17 CVE-2010-4495 Remote Code Execution vulnerability in TIBCO ActiveMatrix Products
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.
network
low complexity
tibco
critical
9.0
2010-10-26 CVE-2010-3491 Improper Input Validation vulnerability in Tibco products
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
network
low complexity
tibco CWE-20
critical
10.0
2010-02-25 CVE-2010-0683 Unspecified vulnerability in Tibco Administrator 5.4.0/5.6.0
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials.
network
tibco
6.0
2010-01-14 CVE-2010-0184 Permissions, Privileges, and Access Controls vulnerability in Tibco Runtime Agent
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
local
low complexity
tibco CWE-264
7.2
2009-04-30 CVE-2009-1291 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
network
low complexity
tibco CWE-119
critical
10.0
2008-08-13 CVE-2008-3338 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
network
low complexity
tibco CWE-119
critical
10.0
2008-04-11 CVE-2008-1704 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco Enterprise Message Service and Iprocess Engine
Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.
network
low complexity
tibco CWE-119
critical
10.0
2008-04-11 CVE-2008-1703 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tibco products
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
network
tibco CWE-119
critical
9.3