Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-11208

Summary
Assigner-tibco
Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db
Published At-08 Aug, 2019 | 15:36
Updated At-17 Sep, 2024 | 02:53
Rejected At-
Credits

TIBCO API Exchange Processes OAuth Incorrectly

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:tibco
Assigner Org ID:4f830c72-39e4-45f6-a99f-78cc01ae04db
Published At:08 Aug, 2019 | 15:36
Updated At:17 Sep, 2024 | 02:53
Rejected At:
▼CVE Numbering Authority (CNA)
TIBCO API Exchange Processes OAuth Incorrectly

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.

Affected Products
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO API Exchange Gateway
Versions
Affected
  • 2.3.1 and prior
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric
Versions
Affected
  • 2.3.1 and prior
Problem Types
TypeCWE IDDescription
textN/AThe impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.
Type: text
CWE ID: N/A
Description: The impact of this vulnerability includes the theoretical possibility that an attacker could gain access to all scopes defined for a given customer endpoint.
Metrics
VersionBase scoreBase severityVector
3.06.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Version: 3.0
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

TIBCO has released updated versions of the affected systems which address these issues. TIBCO API Exchange Gateway versions 2.3.1 and below update to version 2.3.2 or higher TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and below update to version 2.3.2 or higher

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange
x_refsource_CONFIRM
Hyperlink: http://www.tibco.com/services/support/advisories
Resource:
x_refsource_MISC
Hyperlink: https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_MISC
x_transferred
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.tibco.com/services/support/advisories
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@tibco.com
Published At:08 Aug, 2019 | 16:15
Updated At:29 Mar, 2023 | 16:20

The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specific customer endpoint, when the implementation uses multiple scopes. This issue affects: TIBCO Software Inc.'s TIBCO API Exchange Gateway version 2.3.1 and prior versions, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric version 2.3.1 and prior versions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.9CRITICAL
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Secondary3.06.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 9.9
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Type: Secondary
Version: 3.0
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
TIBCO (Cloud Software Group, Inc.)
tibco
>>api_exchange_gateway>>Versions up to 2.3.1(inclusive)
cpe:2.3:a:tibco:api_exchange_gateway:*:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>api_exchange_gateway>>Versions up to 2.3.1(inclusive)
cpe:2.3:a:tibco:api_exchange_gateway:*:*:*:*:*:silver_fabric:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.tibco.com/services/support/advisoriessecurity@tibco.com
Vendor Advisory
https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchangesecurity@tibco.com
Issue Tracking
Vendor Advisory
Hyperlink: http://www.tibco.com/services/support/advisories
Source: security@tibco.com
Resource:
Vendor Advisory
Hyperlink: https://www.tibco.com/support/advisories/2019/08/tibco-security-advisory-august-7-2019-tibco-api-exchange
Source: security@tibco.com
Resource:
Issue Tracking
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2017-5531
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.55% / 66.88%
||
7 Day CHG~0.00%
Published-17 Oct, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-managed_file_transfer_command_centermanaged_file_transfer_internet_serverTIBCO Managed File Transfer Command CenterTIBCO Managed File Transfer Internet Server
CVE-2021-43054
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.1||HIGH
EPSS-0.16% / 37.29%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:25
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO eFTL Token Generation Vulnerability

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-eftlTIBCO eFTL - Community EditionTIBCO eFTL - Developer EditionTIBCO eFTL - Enterprise Edition
CVE-2021-43055
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.29%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:25
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO eFTL Token Caching Vulnerability

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-eftlTIBCO eFTL - Community EditionTIBCO eFTL - Developer EditionTIBCO eFTL - Enterprise Edition
CVE-2013-3315
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.54% / 66.59%
||
7 Day CHG~0.00%
Published-31 May, 2013 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-silver_mobilen/a
CVE-2024-3330
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.32% / 53.98%
||
7 Day CHG~0.00%
Published-27 Jun, 2024 | 18:37
Updated-01 Aug, 2024 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spotfire Remote Code Execution Vulnerability

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitrary code as the account running the Web player process, In the case of Automation Services: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code via Automation Services..This issue affects Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0 through 14.0.2; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0 through 14.0.3, from 14.2.0 through 14.3.0; Spotfire for AWS Marketplace: from 14.0 before 14.3.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)Spotfire (Cloud Software Group, Inc.)
Product-Spotfire AnalystSpotfire ServerSpotfire for AWS Marketplacespotfire_analystspotfire_serverspotfire_analytics_platform_for_aws
CWE ID-CWE-250
Execution with Unnecessary Privileges
CVE-2021-28828
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.39% / 58.99%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 18:30
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Administrator SQL injection vulnerability

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-administratorTIBCO Administrator - Enterprise EditionTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver FabricTIBCO Administrator - Enterprise Edition for z/Linux
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-9417
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.42% / 61.01%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:13
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Foresight SQL Injection

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-foresight_transaction_insightforesight_archive_and_retrieval_systemforesight_operational_monitorTIBCO Foresight Operational Monitor Healthcare EditionTIBCO Foresight Transaction InsightTIBCO Foresight Archive and Retrieval SystemTIBCO Foresight Transaction Insight Healthcare EditionTIBCO Foresight Operational MonitorTIBCO Foresight Archive and Retrieval System Healthcare Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-11209
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.47%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 17:23
Updated-16 Sep, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Escalation Of Privileges for Realm Configuration

The realm configuration component of TIBCO Software Inc.'s TIBCO FTL Community Edition, TIBCO FTL Developer Edition, TIBCO FTL Enterprise Edition contains a vulnerability that theoretically fails to properly enforce access controls. This issue affects TIBCO FTL Community Edition 6.0.0; 6.0.1; 6.1.0, TIBCO FTL Developer Edition 6.0.1; 6.1.0, and TIBCO FTL Enterprise Edition 6.0.0; 6.0.1; 6.1.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ftlTIBCO FTL Community EditionTIBCO FTL Developer EditionTIBCO FTL Enterprise Edition
CVE-2018-5429
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.99% / 75.94%
||
7 Day CHG~0.00%
Published-17 Apr, 2018 | 18:00
Updated-17 Sep, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Library Code Sandboxing Problem

A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, TIBCO Jaspersoft Studio Community Edition, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow analytic reports that contain scripting to perform arbitrary code execution. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2;6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO JasperReports Library: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.1; 6.4.2, TIBCO JasperReports Library Community Edition: versions up to and including 6.4.3, TIBCO JasperReports Library for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2, TIBCO Jaspersoft Studio: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO Jaspersoft Studio Community Edition: versions up to and including 6.4.3, TIBCO Jaspersoft Studio for ActiveMatrix BPM: versions up to and including 6.4.2.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jasperreports_libraryjaspersoft_studiojasperreports_serverjaspersoft_reporting_and_analyticsjaspersoftTIBCO Jaspersoft StudioTIBCO Jaspersoft Studio for ActiveMatrix BPMTIBCO JasperReports Library Community EditionTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO JasperReports Library for ActiveMatrix BPMTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO Jaspersoft Studio Community EditionTIBCO JasperReports LibraryTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CVE-2016-3628
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.86% / 85.73%
||
7 Day CHG~0.00%
Published-20 Apr, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-enterprise_message_service_appliance_firmwareenterprise_message_service_applianceenterprise_message_servicen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-11211
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-3.13% / 86.34%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 22:21
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-enterprise_runtime_for_rspotfire_analytics_platform_for_awsTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Enterprise Runtime for R - Server Edition
CVE-2019-8992
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.48%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 20:20
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Active Matrix Service Grid Administrator Remote Code Execution

The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-activematrix_bpmactivematrix_service_bussilver_fabric_enableractivematrix_service_gridactivematrix_policy_directorTIBCO ActiveMatrix Service GridTIBCO ActiveMatrix Service BusTIBCO Silver Fabric Enabler for ActiveMatrix Service GridTIBCO ActiveMatrix BPMTIBCO ActiveMatrix BPM Distribution for TIBCO Silver FabricTIBCO Silver Fabric Enabler for ActiveMatrix BPMTIBCO ActiveMatrix Policy DirectorTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
Details not found