CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-28824 – TIBCO ActiveSpaces Windows Platform Installation vulnerability
https://notcve.org/view.php?id=CVE-2021-28824
23 Mar 2021 — The Windows Installation component of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulner... • http://www.tibco.com/services/support/advisories • CWE-863: Incorrect Authorization •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-12411 – TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12411
06 Nov 2018 — The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise ... • http://www.securityfocus.com/bid/105869 • CWE-352: Cross-Site Request Forgery (CSRF) •