CVE-2021-43053 – TIBCO FTL Secret Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2021-43053
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. El componente Realm Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43053 •
CVE-2021-43052 – TIBCO FTL Secret Generation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43052
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below. El componente Realm Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-january-11-2022-tibco-ftl-2021-43052 • CWE-798: Use of Hard-coded Credentials •
CVE-2021-43051 – TIBCO Spotfire Server API Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-43051
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and below, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, 11.3.0, 11.4.0, and 11.4.1, and TIBCO Spotfire Server: versions 11.5.0 and 11.6.0. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/12/tibco-security-advisory-december-14-2021-tibco-spotfire-server-2021-43051 •
CVE-2021-43048 – TIBCO PartnerExpress Click-Jacking vulnerability
https://notcve.org/view.php?id=CVE-2021-43048
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43048 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-43047 – TIBCO PartnerExpress Cross Site Scripting vulnerabilities
https://notcve.org/view.php?id=CVE-2021-43047
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/11/tibco-security-advisory-november-16-2021-tibco-partnerexpress-2021-43047 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •