CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-12416 – TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-12416
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0. Los componentes GridServer Broker y GridServer Director de TIBCO DataSynapse GridServer Manager, de TIBCO Software Inc., contienen vulnerabilidades que podrían permitir que un usuario no autenticado realice Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105913 https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5536 – TIBCO DataSynapse GridServer manager component vulnerable to cross-site scripting attacks
https://notcve.org/view.php?id=CVE-2017-5536
The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a cross-site request forgery (CSRF) attack. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. • https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5535 – TIBCO DataSynapse GridServer improper use of encryption
https://notcve.org/view.php?id=CVE-2017-5535
The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components. Affected releases include TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager: versions up to and including 5.1.3; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; and 6.2.0. • https://www.tibco.com/support/advisories/2018/05/security-advisory-may-1-2018-tibco-datasynapse-gridserver-2017-5535 • CWE-326: Inadequate Encryption Strength •