Vulnerabilities > Tibco > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2021-28820 | Uncontrolled Search Path Element vulnerability in Tibco FTL The FTL Server (tibftlserver), FTL C API, FTL Golang API, FTL Java API, and FTL .Net API components of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. | 7.8 |
| 2021-03-23 | CVE-2021-28819 | Incorrect Authorization vulnerability in Tibco FTL The Windows Installation component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. | 7.8 |
| 2021-03-23 | CVE-2021-28818 | Unspecified vulnerability in Tibco Rendezvous The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), Rendezvous Secure C API, Rendezvous Java API, and Rendezvous .Net API components of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. | 7.8 |
| 2021-03-23 | CVE-2021-28817 | Unspecified vulnerability in Tibco Rendezvous The Windows Installation component of TIBCO Software Inc.'s TIBCO Rendezvous and TIBCO Rendezvous Developer Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. | 7.8 |
| 2021-02-02 | CVE-2021-23271 | Cross-site Scripting vulnerability in Tibco EBX The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. | 8.0 |
| 2021-01-12 | CVE-2020-27148 | XXE vulnerability in Tibco EBX Add-Ons The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. | 7.1 |
| 2020-11-10 | CVE-2020-27146 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Iprocess Workspace Browser The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. | 8.8 |
| 2020-10-20 | CVE-2020-9417 | SQL Injection vulnerability in Tibco products The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. | 8.8 |
| 2020-08-11 | CVE-2019-17339 | Unspecified vulnerability in Tibco Silver Fabric The VirtualRouter component of TIBCO Software Inc.'s TIBCO Silver Fabric contains a vulnerability that theoretically allows an attacker to inject scripts via URLs. | 8.1 |
| 2020-06-30 | CVE-2020-9414 | Cross-site Scripting vulnerability in Tibco products The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. | 8.8 |