Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-9414

Summary
Assigner-tibco
Assigner Org ID-4f830c72-39e4-45f6-a99f-78cc01ae04db
Published At-30 Jun, 2020 | 19:40
Updated At-17 Sep, 2024 | 01:41
Rejected At-
Credits

TIBCO Managed File Transfer reflected XSS vulerability

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:tibco
Assigner Org ID:4f830c72-39e4-45f6-a99f-78cc01ae04db
Published At:30 Jun, 2020 | 19:40
Updated At:17 Sep, 2024 | 01:41
Rejected At:
▼CVE Numbering Authority (CNA)
TIBCO Managed File Transfer reflected XSS vulerability

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Affected Products
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO Managed File Transfer Command Center
Versions
Affected
  • From unspecified through 8.2.1 (custom)
Vendor
TIBCO (Cloud Software Group, Inc.)TIBCO Software Inc.
Product
TIBCO Managed File Transfer Internet Server
Versions
Affected
  • From unspecified through 8.2.1 (custom)
Problem Types
TypeCWE IDDescription
textN/AThe impact of this vulnerability includes the possibility that an attacker could gain administrative control of the affected system.
Type: text
CWE ID: N/A
Description: The impact of this vulnerability includes the possibility that an attacker could gain administrative control of the affected system.
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

TIBCO has released updated versions of the affected components which address these issues. TIBCO Managed File Transfer Command Center versions 8.2.1 and below update to version 8.3.0 or higher TIBCO Managed File Transfer Internet Server versions 8.2.1 and below update to version 8.3.0 or higher

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_CONFIRM
Hyperlink: http://www.tibco.com/services/support/advisories
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.tibco.com/services/support/advisories
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.tibco.com/services/support/advisories
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@tibco.com
Published At:30 Jun, 2020 | 20:15
Updated At:07 Nov, 2023 | 03:26

The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.09.0HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 9.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
CPE Matches
TIBCO (Cloud Software Group, Inc.)
tibco
>>managed_file_transfer_command_center>>Versions before 8.2.1(exclusive)
cpe:2.3:a:tibco:managed_file_transfer_command_center:*:*:*:*:*:*:*:*
TIBCO (Cloud Software Group, Inc.)
tibco
>>managed_file_transfer_internet_server>>Versions before 8.2.1(exclusive)
cpe:2.3:a:tibco:managed_file_transfer_internet_server:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.tibco.com/services/support/advisoriessecurity@tibco.com
Vendor Advisory
Hyperlink: http://www.tibco.com/services/support/advisories
Source: security@tibco.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

104Records found
CVE-2018-5430
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.7||HIGH
EPSS-71.32% / 98.66%
||
7 Day CHG~0.00%
Published-17 Apr, 2018 | 18:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-01-19||Apply updates per vendor instructions.
TIBCO JasperReports Server Information Disclosure Vulnerability

The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3;6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoft_reporting_and_analyticsjaspersoftjasperreports_serverTIBCO JasperReports Server Community EditionTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports ServerJasperReports
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2010-4495
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9||HIGH
EPSS-1.06% / 76.70%
||
7 Day CHG~0.00%
Published-17 Dec, 2010 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-activematrix_businessworks_service_engineactivematrix_service_gridsilver_bpm_serviceactivematrix_bpmactivematrix_service_bussilver_cap_servicen/a
CVE-2024-1138
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.09% / 26.90%
||
7 Day CHG+0.02%
Published-12 Mar, 2024 | 17:30
Updated-28 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Privilege Escalation

The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-TIBCO FTL - Enterprise Editionftl
CWE ID-CWE-269
Improper Privilege Management
CVE-2018-5428
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.51% / 65.48%
||
7 Day CHG~0.00%
Published-20 Jun, 2018 | 18:00
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Data Virtualization Command Injection Vulnerability

The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-data_virtualizationTIBCO Data Virtualization
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-35495
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9||CRITICAL
EPSS-0.35% / 56.85%
||
7 Day CHG~0.00%
Published-12 Oct, 2021 | 17:35
Updated-16 Sep, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports FTP Password exposed

The Scheduler Connection component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows an authenticated attacker with network access to obtain FTP server passwords for other users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.2.1 and below, TIBCO JasperReports Server: versions 7.5.0 and 7.5.1, TIBCO JasperReports Server: version 7.8.0, TIBCO JasperReports Server: version 7.9.0, TIBCO JasperReports Server - Community Edition: versions 7.8.0 and below, TIBCO JasperReports Server - Developer Edition: versions 7.9.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and below, and TIBCO JasperReports Server for Microsoft Azure: version 7.8.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jasperreports_serverTIBCO JasperReports Server for Microsoft AzureTIBCO JasperReports Server - Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports ServerTIBCO JasperReports Server for AWS MarketplaceTIBCO JasperReports Server - Developer Edition
CVE-2020-9417
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.42% / 61.00%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 21:13
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Foresight SQL Injection

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-foresight_transaction_insightforesight_archive_and_retrieval_systemforesight_operational_monitorTIBCO Foresight Operational Monitor Healthcare EditionTIBCO Foresight Transaction InsightTIBCO Foresight Archive and Retrieval SystemTIBCO Foresight Transaction Insight Healthcare EditionTIBCO Foresight Operational MonitorTIBCO Foresight Archive and Retrieval System Healthcare Edition
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-9408
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-11 Mar, 2020 | 19:55
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_serverspotfire_analytics_platform_for_awsTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Spotfire Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2017-5534
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.15%
||
7 Day CHG~0.00%
Published-13 Dec, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper sandboxing of a third-party component in tibbr

The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-tibbrtibbr Communitytibbr Enterprise
CVE-2023-26219
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.4||HIGH
EPSS-0.20% / 42.45%
||
7 Day CHG~0.00%
Published-24 Oct, 2023 | 21:56
Updated-11 Sep, 2024 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability

The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-hawk_distribution_for_tibco_silver_fabrichawkruntime_agentoperational_intelligence_hawk_redtailTIBCO Runtime AgentTIBCO HawkTIBCO Operational Intelligence Hawk RedTailTIBCO Hawk Distribution for TIBCO Silver Fabric
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-30573
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.51% / 65.33%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 17:20
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO FTL Privilege Escalation

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL - Enterprise Edition: version 6.8.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ftlTIBCO FTL - Community EditionTIBCO FTL - Enterprise EditionTIBCO FTL - Developer Edition
CVE-2022-22771
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.52%
||
7 Day CHG~0.00%
Published-15 Mar, 2022 | 17:05
Updated-17 Sep, 2024 | 02:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Library Directory Traversal Vulnerability

The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jasperreports_libraryjasperreports_serverTIBCO JasperReports Library for ActiveMatrix BPMTIBCO JasperReports Server for Microsoft AzureTIBCO JasperReports LibraryTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports ServerTIBCO JasperReports Server for AWS Marketplace
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2021-43054
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.1||HIGH
EPSS-0.16% / 37.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:25
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO eFTL Token Generation Vulnerability

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-eftlTIBCO eFTL - Community EditionTIBCO eFTL - Developer EditionTIBCO eFTL - Enterprise Edition
CVE-2021-43055
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.16% / 37.28%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 18:25
Updated-16 Sep, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO eFTL Token Caching Vulnerability

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions 6.7.2 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-eftlTIBCO eFTL - Community EditionTIBCO eFTL - Developer EditionTIBCO eFTL - Enterprise Edition
CVE-2019-8992
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.72% / 71.46%
||
7 Day CHG~0.00%
Published-24 Apr, 2019 | 20:20
Updated-17 Sep, 2024 | 03:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Active Matrix Service Grid Administrator Remote Code Execution

The administrative server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability wherein a user without privileges to upload distributed application archives ("Upload DAA" permission) can theoretically upload arbitrary code, and in some circumstances then execute that code on ActiveMatrix Service Grid nodes. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-activematrix_bpmactivematrix_service_bussilver_fabric_enableractivematrix_service_gridactivematrix_policy_directorTIBCO ActiveMatrix Service GridTIBCO ActiveMatrix Service BusTIBCO Silver Fabric Enabler for ActiveMatrix Service GridTIBCO ActiveMatrix BPMTIBCO ActiveMatrix BPM Distribution for TIBCO Silver FabricTIBCO Silver Fabric Enabler for ActiveMatrix BPMTIBCO ActiveMatrix Policy DirectorTIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-26217
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.19% / 41.55%
||
7 Day CHG~0.00%
Published-19 Jul, 2023 | 20:36
Updated-24 Oct, 2024 | 17:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX Add-ons SQL Injection Vulnerability

The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ebx_add-onsTIBCO EBX Add-ons
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-28828
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.39% / 58.98%
||
7 Day CHG~0.00%
Published-20 Apr, 2021 | 18:30
Updated-16 Sep, 2024 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Administrator SQL injection vulnerability

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-administratorTIBCO Administrator - Enterprise EditionTIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver FabricTIBCO Administrator - Enterprise Edition for z/Linux
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-11211
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-3.13% / 86.34%
||
7 Day CHG~0.00%
Published-18 Sep, 2019 | 22:21
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-enterprise_runtime_for_rspotfire_analytics_platform_for_awsTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Enterprise Runtime for R - Server Edition
CVE-2019-11204
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 63.71%
||
7 Day CHG~0.00%
Published-14 May, 2019 | 19:57
Updated-16 Sep, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Statistics Services Exposes Sensitive Files

The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_statistics_servicesTIBCO Spotfire Statistics Services
CVE-2022-22770
Matching Score-8
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-8
Assigner-TIBCO Software Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.33% / 84.20%
||
7 Day CHG~0.00%
Published-15 Feb, 2022 | 18:00
Updated-16 Sep, 2024 | 22:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO AuditSafe API Authentication vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-auditsafeTIBCO AuditSafe
CVE-2011-3423
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 63.87%
||
7 Day CHG~0.00%
Published-17 Sep, 2011 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-slingshotmanaged_file_transfer_command_centermanaged_file_transfer_internet_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2020
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.66%
||
7 Day CHG~0.00%
Published-20 May, 2011 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-iprocess_workspaceiprocess_enginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1414
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 66.78%
||
7 Day CHG~0.00%
Published-22 Mar, 2011 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-tibbrtibbr_servicen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-4497
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 66.78%
||
7 Day CHG~0.00%
Published-07 Jan, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-collaborative_information_manageractivecatalogn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5432
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.21% / 43.04%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 13:00
Updated-17 Sep, 2024 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability

The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-administratorTIBCO Administrator - Enterprise EditionTIBCO Administrator - Enterprise Edition for z/Linux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5431
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.26% / 49.48%
||
7 Day CHG~0.00%
Published-17 Apr, 2018 | 18:00
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Server Cross Site Scripting Vulnerability

The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoft_reporting_and_analyticsjasperreports_serverjaspersoftTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-35499
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.69% / 70.85%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 16:35
Updated-17 Sep, 2024 | 01:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities

The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-nimbusTIBCO Nimbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-35493
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-9||CRITICAL
EPSS-0.69% / 70.85%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 17:20
Updated-17 Sep, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO WebFOCUS Cross Site Scripting vulnerabilities

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-webfocus_reporting_serverwebfocus_clientwebfocus_installerTIBCO WebFOCUS InstallerTIBCO WebFOCUS ClientTIBCO WebFOCUS Reporting Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18813
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.8||HIGH
EPSS-0.29% / 51.81%
||
7 Day CHG~0.00%
Published-16 Jan, 2019 | 22:00
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities

The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_serverspotfire_analytics_platform_for_awsTIBCO Spotfire Analytics Platform for AWS MarketplaceTIBCO Spotfire Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18807
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-7.6||HIGH
EPSS-0.26% / 49.05%
||
7 Day CHG~0.00%
Published-26 Nov, 2018 | 20:00
Updated-16 Sep, 2024 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Statistica Server Vulnerable to Cross Site Scripting

The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-statistica_serverTIBCO Statistica Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18816
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.26% / 49.01%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 22:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Persistent Cross Site Scripting Vulnerability

The repository component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS contains a persistent cross site scripting vulnerability. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.3.4; 6.4.0; 6.4.1; 6.4.2; 6.4.3; 7.1.0, TIBCO JasperReports Server Community Edition: versions up to and including 7.1.0, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.3, TIBCO Jaspersoft for AWS with Multi- Tenancy versions up to and including 7.1.0, and TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 7.1.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoft_reporting_and_analyticsjasperreports_serverjaspersoftTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2542
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.41%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aTIBCO (Cloud Software Group, Inc.)
Product-rendezvoussubstantiation_esmessaging_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-23272
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.21% / 43.86%
||
7 Day CHG~0.00%
Published-26 Jan, 2021 | 18:15
Updated-16 Sep, 2024 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO BPM Cross Site Scripting (XSS)

The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-bpm_enterprisebpm_enterprise_distribution_for_silver_fabricTIBCO BPM Enterprise Distribution for TIBCO Silver FabricTIBCO BPM Enterprise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41565
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.7||HIGH
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 00:00
Updated-03 Aug, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX Cross Site Scripting (XSS) Vulnerability

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-product_and_service_catalog_powered_by_tibco_ebxebxTIBCO Product and Service Catalog powered by TIBCO EBXTIBCO EBX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-41566
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.7||HIGH
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 00:00
Updated-03 Aug, 2024 | 12:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ebx_add-onsTIBCO EBX Add-ons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-9413
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.86% / 74.02%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 19:40
Updated-17 Sep, 2024 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Managed File Transfer reflected XSS vulerability

The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-managed_file_transfer_internet_servermanaged_file_transfer_command_centerTIBCO Managed File Transfer Command CenterTIBCO Managed File Transfer Internet Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5532
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 49.89%
||
7 Day CHG~0.00%
Published-15 Nov, 2017 | 21:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports persistent cross site scripting

A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS, TIBCO Jaspersoft Studio, and TIBCO Jaspersoft Studio for ActiveMatrix BPM may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Affected releases are TIBCO JasperReports Server 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0 and below, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0 and below, TIBCO JasperReports Library 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0; 6.4.1, TIBCO JasperReports Library for ActiveMatrix BPM 6.4.1 and below, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0 and below, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0 and below, TIBCO Jaspersoft Studio 6.2.3 and below; 6.3.0; 6.3.1; 6.3.2; 6.4.0, and TIBCO Jaspersoft Studio for ActiveMatrix BPM 6.4.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jaspersoft_studiojasperreports_libraryjasperreports_serverjaspersoftjaspersoft_reporting_and_analyticsTIBCO Jaspersoft StudioTIBCO Jaspersoft Studio for ActiveMatrix BPMTIBCO Jaspersoft Reporting and Analytics for AWSTIBCO JasperReports Library for ActiveMatrix BPMTIBCO Jaspersoft for AWS with Multi-TenancyTIBCO JasperReports LibraryTIBCO JasperReports Server Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30578
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.70% / 71.16%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 17:55
Updated-28 May, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX Add-ons Stored XSS vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ebx_add-onsTIBCO EBX Add-ons
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30577
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.64% / 69.52%
||
7 Day CHG~0.00%
Published-21 Sep, 2022 | 17:55
Updated-22 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX Stored XSS vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-ebxTIBCO EBX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5536
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-6.3||MEDIUM
EPSS-0.21% / 43.31%
||
7 Day CHG~0.00%
Published-01 May, 2018 | 18:00
Updated-17 Sep, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks

The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-datasynapse_gridserver_managerTIBCO DataSynapse GridServer Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26218
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.20% / 41.83%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 17:07
Updated-23 Sep, 2024 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-nimbusTIBCO Nimbus
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30571
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.1||HIGH
EPSS-0.58% / 68.05%
||
7 Day CHG~0.00%
Published-02 Aug, 2022 | 16:50
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability

The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-iway_service_managerTIBCO iWay Service Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30576
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.7||HIGH
EPSS-0.62% / 69.00%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 17:55
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Statistica Stored Cross Site Scripting (XSS) Vulnerability

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-statisticadata_science_-_workbenchTIBCO Data Science - WorkbenchTIBCO Statistica TrialTIBCO StatisticaTIBCO Statistica - Estore Edition
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-30575
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-7.3||HIGH
EPSS-0.62% / 69.00%
||
7 Day CHG~0.00%
Published-16 Aug, 2022 | 17:55
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO Statistica Reflected Cross Site Scripting (XSS) Vulnerability

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-statisticadata_science_-_workbenchTIBCO Data Science - WorkbenchTIBCO Statistica TrialTIBCO StatisticaTIBCO Statistica - Estore Edition
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-26214
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-7.3||HIGH
EPSS-0.47% / 63.77%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 00:00
Updated-12 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO BusinessConnect Reflected XSS Vulnerability

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-businessconnectTIBCO BusinessConnect
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3180
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 56.03%
||
7 Day CHG~0.00%
Published-24 Jul, 2018 | 15:00
Updated-05 Aug, 2024 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple TIBCO Spotfire components fail to sanitize user-supplied inout and are vulnerable to cross-site scripting

Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 6.5.2 and earlier TIBCO Spotfire Desktop 7.0.0, and 7.0.1 TIBCO Spotfire Desktop 7.5.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier TIBCO Spotfire Desktop Language Packs 7.5.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 TIBCO Spotfire Professional 6.5.3 and earlier TIBCO Spotfire Professional 7.0.0 and 7.0.1 TIBCO Spotfire Web Player 6.5.3 and earlier TIBCO Spotfire Web Player 7.0.0 and 7.0.1

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-spotfire_professionalspotfire_desktop_language_packssilver_fabric_enabler_for_spotfire_web_playerspotfire_desktopspotfire_web_playerspotfire_analytics_platform_for_awsspotfire_connectorsspotfire_automation_servicesspotfire_analystspotfire_deployment_kitSpotfire Automation Services 6Spotfire Web PlayerSpotfire Desktop Language PacksSpotfire ProfessionalSpotfire AnalystSpotfire Desktop Developer EditionSpotfire ConnectorsSpotfire Analytics Platform for AWS MarketplaceSpotfire Deployment KitSpotfire DesktopSilver Fabric Enabler for Spotfire Web Player
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22769
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.43% / 61.84%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 19:25
Updated-17 Sep, 2024 | 00:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO EBX vulnerabilities

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-product_and_service_catalog_powered_by_tibco_ebxebx_add-onsebxTIBCO EBX Add-onsTIBCO Product and Service Catalog powered by TIBCO EBXTIBCO EBX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22773
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-7.7||HIGH
EPSS-0.60% / 68.47%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 17:30
Updated-16 Sep, 2024 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.1 and below, TIBCO JasperReports Server - Community Edition: versions 8.0.1 and below, TIBCO JasperReports Server - Developer Edition: versions 8.0.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.1 and below, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.2 and below, and TIBCO JasperReports Server for Microsoft Azure: versions 8.0.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-jasperreports_serverTIBCO JasperReports Server for Microsoft AzureTIBCO JasperReports Server - Community EditionTIBCO JasperReports Server for ActiveMatrix BPMTIBCO JasperReports ServerTIBCO JasperReports Server for AWS MarketplaceTIBCO JasperReports Server - Developer Edition
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22775
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8.1||HIGH
EPSS-0.57% / 67.54%
||
7 Day CHG~0.00%
Published-17 May, 2022 | 17:30
Updated-17 Sep, 2024 | 03:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability

The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-bpm_enterprisebpm_enterprise_distribution_for_silver_fabricTIBCO BPM Enterprise Distribution for TIBCO Silver FabricTIBCO BPM Enterprise
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-43047
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-9||CRITICAL
EPSS-0.29% / 51.82%
||
7 Day CHG~0.00%
Published-16 Nov, 2021 | 17:50
Updated-16 Sep, 2024 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO PartnerExpress Cross Site Scripting vulnerabilities

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-partnerexpressTIBCO PartnerExpress
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-22776
Matching Score-6
Assigner-TIBCO Software Inc.
ShareView Details
Matching Score-6
Assigner-TIBCO Software Inc.
CVSS Score-8||HIGH
EPSS-0.69% / 70.85%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 17:00
Updated-16 Sep, 2024 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability

The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.

Action-Not Available
Vendor-TIBCO (Cloud Software Group, Inc.)
Product-businessconnect_trading_community_managementTIBCO BusinessConnect Trading Community Management
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found