Vulnerabilities > Tibco > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-26219 Use of Hard-coded Credentials vulnerability in Tibco products
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers.
network
low complexity
tibco CWE-798
8.8
2023-07-19 CVE-2023-26217 SQL Injection vulnerability in Tibco EBX Add-Ons
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system.
network
low complexity
tibco CWE-89
8.8
2023-05-25 CVE-2023-26216 Path Traversal vulnerability in Tibco EBX Add-Ons
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server.
network
low complexity
tibco CWE-22
7.2
2022-12-13 CVE-2022-41561 Unspecified vulnerability in Tibco Jasperreports Server 8.1.0
The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system.
network
low complexity
tibco
7.2
2022-12-13 CVE-2022-41562 Cross-site Scripting vulnerability in Tibco Jasperreports Server 8.1.0
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system.
network
low complexity
tibco CWE-79
8.4
2022-03-30 CVE-2022-22772 Unspecified vulnerability in Tibco Managed File Transfer Platform Server
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system.
network
tibco
8.5
2022-03-15 CVE-2022-22771 Path Traversal vulnerability in Tibco Jasperreports Library and Jasperreports Server
The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.
network
low complexity
tibco CWE-22
8.8
2022-02-15 CVE-2021-43050 Unspecified vulnerability in Tibco Businessconnect
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system.
local
low complexity
tibco
7.2
2021-12-14 CVE-2021-43051 Unspecified vulnerability in Tibco Spotfire Server
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it.
network
tibco
8.5
2021-11-16 CVE-2021-43047 Cross-site Scripting vulnerability in Tibco Partnerexpress
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system.
network
tibco CWE-79
8.5