Vulnerabilities > Tibco

DATE CVE VULNERABILITY TITLE RISK
2020-11-10 CVE-2020-27146 Cross-Site Request Forgery (CSRF) vulnerability in Tibco Iprocess Workspace Browser
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system.
network
low complexity
tibco CWE-352
8.8
2020-10-20 CVE-2020-9417 SQL Injection vulnerability in Tibco products
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection.
network
low complexity
tibco CWE-89
8.8
2020-09-15 CVE-2020-9416 Cross-site Scripting vulnerability in Tibco products
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts.
network
low complexity
tibco CWE-79
5.4
2020-08-18 CVE-2020-9415 Unspecified vulnerability in Tibco products
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system.
network
low complexity
tibco
6.5
2020-08-11 CVE-2019-17339 Unspecified vulnerability in Tibco Silver Fabric
The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs.
network
low complexity
tibco
8.1
2020-06-30 CVE-2020-9414 Cross-site Scripting vulnerability in Tibco products
The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user.
network
low complexity
tibco CWE-79
8.8
2020-06-30 CVE-2020-9413 Cross-site Scripting vulnerability in Tibco products
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system.
network
low complexity
tibco CWE-79
critical
9.6
2020-06-09 CVE-2020-9412 Unspecified vulnerability in Tibco Managed File Transfer Platform Server 7.1.0/8.0.0
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows execution of arbitrary commands at the privilege level of the affected system following a failed file transfer.
network
low complexity
tibco
critical
9.8
2020-06-09 CVE-2020-9411 Unspecified vulnerability in Tibco Managed File Transfer Platform Server 7.1.0/8.0.0
The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible to the affected component.
network
low complexity
tibco
critical
9.8
2020-05-20 CVE-2020-9410 Cross-site Scripting vulnerability in multiple products
The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s).
network
low complexity
tibco oracle CWE-79
8.8