CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-11205 – TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11205
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0. El componente Web Server de TIBCO Software Inc. • http://www.securityfocus.com/bid/108384 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2019-11204 – TIBCO Spotfire Statistics Services Exposes Sensitive Files
https://notcve.org/view.php?id=CVE-2019-11204
The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0. • http://www.securityfocus.com/bid/108347 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8995 – TIBCO ActiveMatrix BPM Open Redirect Vulnerability
https://notcve.org/view.php?id=CVE-2019-8995
The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contain a vulnerability wherein a malicious URL could trick a user into visiting a website of the attacker's choice. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1. El cliente de espacio de trabajo, el cliente de espacio abierto y el cliente de desarrollo de aplicaciones de TIBCO Software Inc. de TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric y TIBCO Silver Fabric Enabler para ActiveMatrix BPM contienen una vulnerabilidad en la que una URL maliciosa podría engañar a un usuario para que visite un sitio web elegido por el atacante. • http://www.securityfocus.com/bid/108062 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8995 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0CVE-2019-8994 – TIBCO ActiveMatrix BPM Escalation of Privileges Vulnerability
https://notcve.org/view.php?id=CVE-2019-8994
The workspace client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM contains vulnerabilities where an authenticated user can change settings that can theoretically adversely impact other users. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, and TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1. El cliente de espacio de trabajo de TIBCO Software Inc., TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric y TIBCO Silver Fabric Enabler para ActiveMatrix BPM, contiene vulnerabilidades en las que un usuario autenticado puede cambiar la configuración que teóricamente puede afectar negativamente a otros usuarios. • http://www.securityfocus.com/bid/108060 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-activematrix-bpm-2019-8994 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2019-8993 – TIBCO Active Matrix Service Grid Administrator Unauthenticated Download of Sensitive File
https://notcve.org/view.php?id=CVE-2019-8993
The administrative web server component of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric, TIBCO Silver Fabric Enabler for ActiveMatrix BPM, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid contains a vulnerability that could theoretically allow an unauthenticated user to download a file with credentials information. Affected releases are TIBCO Software Inc.'s TIBCO ActiveMatrix BPM: versions up to and including 4.2.0, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric: versions up to and including 4.2.0, TIBCO ActiveMatrix Policy Director: versions up to and including 1.1.0, TIBCO ActiveMatrix Service Bus: versions up to and including 3.3.0, TIBCO ActiveMatrix Service Grid: versions up to and including 3.3.1, TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric: versions up to and including 3.3.0, TIBCO Silver Fabric Enabler for ActiveMatrix BPM: versions up to and including 1.4.1, and TIBCO Silver Fabric Enabler for ActiveMatrix Service Grid: versions up to and including 1.3.1. El componente de servidor web administrativo de TIBCO Software Inc.TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution para TIBCO Silver Fabric, TIBCO ActiveMatrix Policy Director, TIBCO ActiveMatrix Service Bus, TIBCO ActiveMatrix Service Grid, TIBCO ActiveMatrix Service Grid Distribution para TIBCO Silver Fabric, TIBCO Silver Fabric Enabler para ActiveMatrix BPM y TIBCO Silver Fabric Enabler para ActiveMatrix Service Grid contienen una vulnerabilidad que teóricamente podría permitir a un usuario no autenticado descargar un archivo con información de credenciales. • http://www.securityfocus.com/bid/108056 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/04/tibco-security-advisory-april-24-2019-tibco-active-matrix-service-grid-2019-8993 • CWE-306: Missing Authentication for Critical Function •