CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22770 – TIBCO AuditSafe API Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-22770
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below. El componente Web Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43050 – TIBCO BusinessConnect Container Edition administrative username and passwords leakage
https://notcve.org/view.php?id=CVE-2021-43050
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. El componente Auth Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-43049 – TIBCO BusinessConnect Container Edition username and password leakage
https://notcve.org/view.php?id=CVE-2021-43049
The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. El componente de base de datos de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43049 •
CVSS: 9.0EPSS: 0%CPEs: 45EXPL: 0CVE-2022-22769 – TIBCO EBX vulnerabilities
https://notcve.org/view.php?id=CVE-2022-22769
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.124 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, 5.9.14, and 5.9.15, TIBCO EBX: versions 6.0.0, 6.0.1, 6.0.2, and 6.0.3, TIBCO EBX Add-ons: versions 3.20.18 and below, TIBCO EBX Add-ons: versions 4.1.0, 4.2.0, 4.2.1, 4.2.2, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, and 4.5.6, TIBCO EBX Add-ons: versions 5.0.0, 5.0.1, 5.1.0, 5.1.1, and 5.2.0, and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.1.0 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-19-2022-tibco-ebx-2022-22769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2021-35500 – TIBCO Data Virtualization Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2021-35500
The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtualization: version 8.4.0, TIBCO Data Virtualization: version 8.5.0, and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.0 and below. El componente Data Virtualization Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-12-2022-tibco-data-virtualization-2021-35500 •