Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2022-02-15 CVE-2021-43049 Unspecified vulnerability in Tibco Businessconnect
The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system.
network
low complexity
tibco
critical
10.0
2022-02-15 CVE-2021-43050 Unspecified vulnerability in Tibco Businessconnect
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system.
local
low complexity
tibco
7.2
2022-02-15 CVE-2022-22770 Unspecified vulnerability in Tibco Auditsafe
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system.
network
low complexity
tibco
critical
9.0
2022-01-19 CVE-2022-22769 Cross-site Scripting vulnerability in Tibco EBX
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.
network
tibco CWE-79
6.0
2022-01-12 CVE-2021-35500 Unspecified vulnerability in Tibco products
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system.
local
low complexity
tibco
2.1
2022-01-11 CVE-2021-43052 Use of Hard-coded Credentials vulnerability in Tibco FTL
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system.
network
low complexity
tibco CWE-798
5.0
2022-01-11 CVE-2021-43053 Unspecified vulnerability in Tibco FTL
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server.
network
low complexity
tibco
5.0
2022-01-11 CVE-2021-43054 Unspecified vulnerability in Tibco Eftl
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions.
network
low complexity
tibco
6.5
2022-01-11 CVE-2021-43055 Unspecified vulnerability in Tibco Eftl
The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system.
network
low complexity
tibco
6.5
2021-12-14 CVE-2021-43051 Unspecified vulnerability in Tibco Spotfire Server
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it.
network
tibco
8.5