Vulnerabilities > Tibco
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-10 | CVE-2020-27146 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Iprocess Workspace Browser The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. | 8.8 |
| 2020-10-20 | CVE-2020-9417 | SQL Injection vulnerability in Tibco products The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. | 8.8 |
| 2020-09-15 | CVE-2020-9416 | Cross-site Scripting vulnerability in Tibco products The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. | 5.4 |
| 2020-08-18 | CVE-2020-9415 | Unspecified vulnerability in Tibco products The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. | 6.5 |
| 2020-08-11 | CVE-2019-17339 | Unspecified vulnerability in Tibco Silver Fabric The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. | 8.1 |
| 2020-06-30 | CVE-2020-9414 | Cross-site Scripting vulnerability in Tibco products The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. | 8.8 |
| 2020-06-30 | CVE-2020-9413 | Cross-site Scripting vulnerability in Tibco products The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. | 9.6 |
| 2020-06-09 | CVE-2020-9412 | Unspecified vulnerability in Tibco Managed File Transfer Platform Server 7.1.0/8.0.0 The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer. | 9.8 |
| 2020-06-09 | CVE-2020-9411 | Unspecified vulnerability in Tibco Managed File Transfer Platform Server 7.1.0/8.0.0 The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component. | 9.8 |
| 2020-05-20 | CVE-2020-9410 | Cross-site Scripting vulnerability in multiple products The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). | 8.8 |