Vulnerabilities > Tibco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-17 | CVE-2019-17336 | Unspecified vulnerability in Tibco products The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. | 4.0 |
| 2019-12-17 | CVE-2019-17335 | Information Exposure vulnerability in Tibco products The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. | 4.0 |
| 2019-12-17 | CVE-2019-17334 | Incorrect Default Permissions vulnerability in Tibco products The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. | 6.0 |
| 2019-11-12 | CVE-2019-17332 | Cross-site Scripting vulnerability in Tibco EBX Add-Ons The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. | 4.3 |
| 2019-11-12 | CVE-2019-17330 | Cross-site Scripting vulnerability in Tibco EBX The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. | 4.3 |
| 2019-08-20 | CVE-2019-11209 | Unspecified vulnerability in Tibco FTL 6.0.0/6.0.1/6.1.0 The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. | 6.5 |
| 2019-08-13 | CVE-2019-11207 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco products The web server component of TIBCO Software Inc.'s TIBCO LogLogic Enterprise Virtual Appliance, and TIBCO LogLogic Log Management Intelligence contains multiple vulnerabilities that theoretically allow persistent and reflected cross-site scripting (XSS) attacks, as well as cross-site request forgery (CSRF) attacks. | 6.8 |
| 2019-08-08 | CVE-2019-11208 | Unspecified vulnerability in Tibco API Exchange Gateway The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. | 6.5 |
| 2019-05-14 | CVE-2019-11206 | Unspecified vulnerability in Tibco products The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. | 5.3 |
| 2019-05-14 | CVE-2019-11205 | Cross-site Scripting vulnerability in Tibco products The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. | 4.3 |