Vulnerabilities > Tibco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-13 | CVE-2024-4576 | Path Traversal vulnerability in Tibco EBX The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | 5.3 |
| 2023-11-14 | CVE-2023-26222 | Cross-site Scripting vulnerability in Tibco EBX The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. | 5.4 |
| 2023-10-10 | CVE-2023-26220 | Cross-site Scripting vulnerability in Tibco Spotfire Analyst and Spotfire Server The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. | 5.4 |
| 2023-05-25 | CVE-2023-26215 | Path Traversal vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. | 6.5 |
| 2023-02-22 | CVE-2022-41565 | Cross-site Scripting vulnerability in Tibco products The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. | 5.4 |
| 2023-02-22 | CVE-2022-41566 | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. | 5.4 |
| 2023-02-22 | CVE-2022-41567 | Cross-site Scripting vulnerability in Tibco Businessconnect The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. | 5.4 |
| 2023-02-22 | CVE-2023-26214 | Cross-site Scripting vulnerability in Tibco Businessconnect The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. | 5.4 |
| 2023-02-14 | CVE-2022-41564 | Unspecified vulnerability in Tibco Hawk and Operational Intelligence Hawk Redtail The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. | 6.5 |
| 2022-12-13 | CVE-2022-41563 | Cross-site Scripting vulnerability in Tibco Jasperreports Server 8.1.0 The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. | 5.4 |