Vulnerabilities > Tibco > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-13 | CVE-2018-12416 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Datasynapse Gridserver Manager The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). | 6.8 |
| 2018-11-06 | CVE-2018-12415 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Enterprise Message Service The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. | 6.8 |
| 2018-11-06 | CVE-2018-12414 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco products The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. | 6.8 |
| 2018-11-06 | CVE-2018-12413 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Messaging - Apache Kafka Distribution - Schema Repository 1.0.0 The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. | 6.8 |
| 2018-11-06 | CVE-2018-12412 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco FTL The realm server (tibrealmserver) component of TIBCO Software Inc. | 6.8 |
| 2018-11-06 | CVE-2018-12411 | Cross-Site Request Forgery (CSRF) vulnerability in Tibco Activespaces The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. | 6.8 |
| 2018-08-08 | CVE-2018-12408 | XXE vulnerability in Tibco products The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. | 5.0 |
| 2018-06-27 | CVE-2018-5437 | Unspecified vulnerability in Tibco products The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. | 4.0 |
| 2018-06-27 | CVE-2018-5436 | Information Exposure vulnerability in Tibco products The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. | 4.0 |
| 2018-06-13 | CVE-2018-5434 | XXE vulnerability in Tibco Runtime Agent The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. | 6.8 |