Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-28820 Uncontrolled Search Path Element vulnerability in Tibco FTL
The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-427
7.8
2021-03-23 CVE-2021-28819 Incorrect Authorization vulnerability in Tibco FTL
The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco CWE-863
7.8
2021-03-23 CVE-2021-28818 Unspecified vulnerability in Tibco Rendezvous
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software.
local
low complexity
tibco
7.8
2021-03-23 CVE-2021-28817 Unspecified vulnerability in Tibco Rendezvous
The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software.
local
low complexity
tibco
7.8
2021-03-23 CVE-2021-23274 Improper Restriction of Rendered UI Layers or Frames vulnerability in Tibco products
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system.
network
low complexity
tibco CWE-1021
critical
9.8
2021-03-09 CVE-2021-23273 Cross-site Scripting vulnerability in Tibco products
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system.
network
low complexity
tibco CWE-79
5.4
2021-02-02 CVE-2021-23271 Cross-site Scripting vulnerability in Tibco EBX
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system.
network
low complexity
tibco CWE-79
8.0
2021-01-26 CVE-2021-23272 Cross-site Scripting vulnerability in Tibco products
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system.
network
low complexity
tibco CWE-79
5.4
2021-01-12 CVE-2020-27148 XXE vulnerability in Tibco EBX Add-Ons
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack.
network
low complexity
tibco CWE-611
7.1
2020-12-15 CVE-2020-27147 Unspecified vulnerability in Tibco Partnerexpress 6.2.0
The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API.
network
low complexity
tibco
6.5