CVE-2019-17337 – TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17337
17 Dec 2019 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17336 – TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources
https://notcve.org/view.php?id=CVE-2019-17336
17 Dec 2019 — The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software I... • http://www.tibco.com/services/support/advisories •
CVE-2019-17335 – TIBCO Spotfire Server Exposes User-Specific Cached Data To Other Users
https://notcve.org/view.php?id=CVE-2019-17335
17 Dec 2019 — The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6... • http://www.tibco.com/services/support/advisories •
CVE-2019-17334 – TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
https://notcve.org/view.php?id=CVE-2019-17334
17 Dec 2019 — The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has wri... • http://www.tibco.com/services/support/advisories • CWE-276: Incorrect Default Permissions •
CVE-2019-17332 – TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17332
12 Nov 2019 — The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17331 – TIBCO EBX Add-on For Data Exchange Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17331
12 Nov 2019 — The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-17330 – TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17330
12 Nov 2019 — The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-11212 – TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11212
09 Oct 2019 — The MDM server component of TIBCO Software Inc.'s TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-11211 – TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11211
18 Sep 2019 — The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux, the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 ... • http://www.tibco.com/services/support/advisories •
CVE-2019-11210 – TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11210
18 Sep 2019 — The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4... • http://www.tibco.com/services/support/advisories •