Vulnerabilities > Tibco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-09-02 | CVE-2011-3133 | Unspecified vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. network tibco | 4.3 |
| 2011-09-02 | CVE-2011-3132 | Cross-Site Scripting vulnerability in Tibco Spotfire Analytics Server and Spotfire Server Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-05-20 | CVE-2011-2021 | Cross-Site Scripting vulnerability in Tibco Iprocess Engine and Iprocess Workspace Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors. network tibco | 4.3 |
| 2011-05-20 | CVE-2011-2020 | Cross-Site Scripting vulnerability in Tibco Iprocess Engine and Iprocess Workspace Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-03-22 | CVE-2011-1414 | Cross-Site Scripting vulnerability in Tibco Tibbr and Tibbr Service Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2011-01-07 | CVE-2010-4499 | Input Validation vulnerability in TIBCO Session fixation vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to hijack web sessions via unspecified vectors. network tibco | 4.3 |
| 2011-01-07 | CVE-2010-4497 | Cross-Site Scripting vulnerability in Tibco Activecatalog and Collaborative Information Manager Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-02-25 | CVE-2010-0683 | Unspecified vulnerability in Tibco Administrator 5.4.0/5.6.0 Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials. network tibco | 6.0 |
| 2007-08-03 | CVE-2007-4161 | Denial-Of-Service vulnerability in Tibco Rendezvous 7.5.2 rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. network tibco | 4.3 |
| 2007-08-03 | CVE-2007-4160 | Remote Security vulnerability in Tibco Rendezvous 7.5.2 The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. | 5.0 |