Vulnerabilities > Tibco > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-01-16 CVE-2018-18812 Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage.
network
high complexity
tibco CWE-732
5.3
2018-11-26 CVE-2018-18807 Cross-site Scripting vulnerability in Tibco Statistica Server 13.3.0/13.4.0
The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2018-07-24 CVE-2017-3180 Cross-site Scripting vulnerability in Tibco products
Multiple TIBCO products are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input.
network
low complexity
tibco CWE-79
5.4
2018-06-13 CVE-2018-5434 XXE vulnerability in Tibco Runtime Agent
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.5
2018-06-13 CVE-2018-5433 XXE vulnerability in Tibco Administrator
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information.
network
low complexity
tibco CWE-611
6.5
2018-06-13 CVE-2018-5432 Cross-site Scripting vulnerability in Tibco Administrator
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them.
network
low complexity
tibco CWE-79
5.4
2018-05-01 CVE-2017-5536 Cross-site Scripting vulnerability in Tibco Datasynapse Gridserver Manager
The GridServer Broker, and GridServer Director components of TIBCO Software Inc.
network
low complexity
tibco CWE-79
5.4
2018-05-01 CVE-2017-5535 Inadequate Encryption Strength vulnerability in Tibco Datasynapse Gridserver Manager
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc.
high complexity
tibco CWE-326
6.8
2018-04-17 CVE-2018-5431 Cross-site Scripting vulnerability in Tibco products
The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks.
network
low complexity
tibco CWE-79
5.4
2017-12-11 CVE-2017-16789 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users management panel of the web interface.
network
low complexity
integrationmatters tibco CWE-79
4.8