CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17331 – TIBCO EBX Add-on For Data Exchange Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17331
The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. El componente Data Exchange Web Interface de los Add-ons TIBCO EBX de TIBCO Software Inc. contiene una vulnerabilidad que teóricamente permite a usuarios autenticados realizar ataques de tipo cross-site scripting (XSS) almacenados. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17331 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.6EPSS: 0%CPEs: 6EXPL: 0CVE-2019-17330 – TIBCO EBX Exposes Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17330
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6. El componente servidor Web de TIBCO EBX de TIBCO Software Inc. contiene múltiples vulnerabilidades que teóricamente permiten a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenados, y usuarios no autenticados para realizar ataques de tipo cross-site scripting reflejados. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11212 – TIBCO MDM Exposes Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11212
The MDM server component of TIBCO Software Inc's TIBCO MDM contains multiple vulnerabilities that theoretically allow an authenticated user with specific roles to perform cross-site scripting (XSS) attacks. This issue affects TIBCO Software Inc.'s TIBCO MDM version 9.0.1 and prior versions; version 9.1.0. El componente del servidor MDM del TIBCO MDM de TIBCO Software Inc contiene múltiples vulnerabilidades que teóricamente permiten a un usuario autenticado con roles específicos realizar ataques de scripting entre sitios (XSS). Este problema afecta a la versión 9.0.1 de TIBCO Software Inc. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/10/tibco-security-advisory-october-8-2019-tibco-mdm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11211 – TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11211
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0. TIBCO Enterprise Runtime para R - Server Edition, y TIBCO Spotfire Analytics Platform para AWS Marketplace del componente servidor de TIBCO Software Inc., contiene una vulnerabilidad que teóricamente permite a un usuario autenticado activar la ejecución de código remota en determinadas circunstancias. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11210 – TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11210
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0. TIBCO Enterprise Runtime para R - Server Edition, y TIBCO Spotfire Analytics Platform para AWS Marketplace del componente servidor de TIBCO Software Inc., contiene una vulnerabilidad que teóricamente permite a un usuario no autenticado omitir los controles de acceso y ejecutar código remotamente usando el alojamiento de una cuenta de sistema operativo en el componente afectado. Este problema afecta: TIBCO Enterprise Runtime para R - Server Edition versiones 1.2.0 y posteriores, y TIBCO Spotfire Analytics Platform para AWS Marketplace versiones 10.4.0 y 10.5.0. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210 •