CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27147 – TIBCO PartnerExpress REST API
https://notcve.org/view.php?id=CVE-2020-27147
The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: version 6.2.0. El componente API REST de TIBCO PartnerExpress de TIBCO Software Inc., contiene una vulnerabilidad que teóricamente permite a un atacante no autenticado con acceso a la red obtener una URL de inicio de sesión autenticada para el sistema afectado a través de una API REST. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/12/tibco-security-advisory-december-15-2020-tibco-partnerexpress •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27146 – TIBCO iProcess Workspace Browser CSRF
https://notcve.org/view.php?id=CVE-2020-27146
The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser) contains a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a Cross Site Request Forgery (CSRF) attack on the affected system. A successful attack using this vulnerability requires human interaction from an authenticated user other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO iProcess Workspace (Browser): versions 11.6.0 and below. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/11/tibco-security-advisory-november-10-2020-tibco-iprocess-workspace • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2020-9417 – TIBCO Foresight SQL Injection
https://notcve.org/view.php?id=CVE-2020-9417
The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0. El componente de reporte Transaction Insight de TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight y TIBCO Foresight Transaction Insight Healthcare Edition, de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite a un atacante autenticado llevar a cabo una inyección SQL. • http://www.tibco.com/services/support/advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.2EPSS: 0%CPEs: 20EXPL: 0CVE-2020-9416 – TIBCO Spotfire Stored Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2020-9416
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-9415 – TIBCO Data Virtualization
https://notcve.org/view.php?id=CVE-2020-9415
The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system. The user must be authenticated and have privileges required to monitor the server in an operational capacity. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 7.0.8 and below, versions 8.0.0, 8.1.0, 8.1.1, and 8.2.0 and TIBCO Data Virtualization for AWS Marketplace: versions 8.2.0 and below. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/08/tibco-security-advisory-august-18-2020-tibco-data-virtualization •