CVE-2021-23274 – TIBCO API Exchange Gateway Clickjack Vulnerability
https://notcve.org/view.php?id=CVE-2021-23274
The Config UI component of TIBCO Software Inc.'s TIBCO API Exchange Gateway and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO API Exchange Gateway: versions 2.3.3 and below and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric: versions 2.3.3 and below. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-23-2021-tibco-api-exchange-gateway • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVE-2021-23273 – TIBCO Spotfire Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-23273
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23271 – TIBCO EBX Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23271
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.12 and below. El componente TIBCO EBX Web Server de TIBCO EBX de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite a un atacante poco privilegiado con acceso a la red ejecutar un ataque de tipo Cross Site Scripting (XSS) Almacenado en el sistema afectado. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/02/tibco-security-advisory-february-2-2021-tibco-ebx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-23272 – TIBCO BPM Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23272
The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below. El componente Application Development Clients de TIBCO BPM Enterprise y TIBCO BPM Enterprise Distribution de TIBCO Software Inc. para TIBCO Silver Fabric contiene una vulnerabilidad que teóricamente permite a un atacante con poco privilegiado con acceso a la red ejecutar un ataque de tipo Cross Site Scripting (XSS) en el sistema afectado. • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-27148 – TIBCO EBX EXML External Entity
https://notcve.org/view.php?id=CVE-2020-27148
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below. El Add-on TIBCO EBX para Oracle Hyperion EPM, el Add-on TIBCO EBX Data Exchange y los componentes del Add-on TIBCO EBX Insight de los complementos TIBCO EBX de TIBCO Software Inc. contienen una vulnerabilidad que teóricamente permite a un atacante poco privilegiado con acceso a la red para ejecutar un ataque de Entidad Externa XML (XXE). • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons • CWE-611: Improper Restriction of XML External Entity Reference •