CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-35498 – TIBCO EBX Insecure Login Mechanism
https://notcve.org/view.php?id=CVE-2021-35498
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0. El componente TIBCO EBX Web Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-13-2021-tibco-ebx-2021-35498 • CWE-521: Weak Password Requirements •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23271 – TIBCO EBX Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23271
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.12 and below. El componente TIBCO EBX Web Server de TIBCO EBX de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite a un atacante poco privilegiado con acceso a la red ejecutar un ataque de tipo Cross Site Scripting (XSS) Almacenado en el sistema afectado. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/02/tibco-security-advisory-february-2-2021-tibco-ebx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17333 – TIBCO EBX Exposes Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-17333
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7. El componente Web server de TIBCO EBX de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenado. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/02/tibco-security-advisory-february-19-2020-tibco-ebx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2019-17330 – TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17330
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. El componente servidor Web de TIBCO EBX de TIBCO Software Inc. contiene múltiples vulnerabilidades que teóricamente permiten a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenados, y usuarios no autenticados para realizar ataques de tipo cross-site scripting reflejados. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •