CVE-2019-11203 – TIBCO ActiveMatrix BPM Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11203
The workspace client, openspace client, app development client, and REST API of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain cross-site scripting (XSS) and cross-site request forgery vulnerabilities. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1.
• http://www.securityfocus.com/bid/108057
• http://www.tibco.com/services/support/advisories
• https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-11203
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-7195
https://notcve.org/view.php?id=CVE-2014-7195
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors.
• http://www.tibco.com/assets/blta5b5c969aff51474/2014-009-spotfire-advisory.txt
• http://www.tibco.com/mk/advisory.jsp
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor