CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18813 – TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-18813
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. El componente del servidor web Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene múltiples vulnerabilidades que podrían permitir ataques de Componente persistente y reflejado. • http://www.securityfocus.com/bid/106635 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 6EXPL: 0CVE-2018-18810 – TIBCO Managed File Transfer Credentials Disclosure
https://notcve.org/view.php?id=CVE-2018-18810
The Administrator Service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, and TIBCO Managed File Transfer Internet Server contains vulnerabilities where an authenticated user with specific privileges can gain access to credentials to other systems. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0, and TIBCO Managed File Transfer Internet Server: versions up to and including 7.3.2; 8.0.0; 8.0.1; 8.0.2; 8.1.0. El componente Administrator Service de TIBCO Managed File Transfer Command Center y TIBCO Managed File Transfer Internet Server, de TIBCO Software Inc., contiene vulnerabilidades por las que un usuario autenticado con privilegios específicos puede obtener acceso a las credenciales de otros sistemas. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/12/tibco-security-advisory-december-11-2018-tibco-managed-file-transfer •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18807 – TIBCO Statistica Server Vulnerable to Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-18807
The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Statistica Server versions up to and including 13.4.0. La aplicación web del componente TIBCO Statistica, del servidor TIBCO Statistica de TIBCO Software Inc., contiene vulnerabilidades que podrían permitir a un usuario autenticado realizar ataques Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/106021 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-26-2018-tibco-statistica-server • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-12416 – TIBCO DataSynapse GridServer Manager Component Vulnerable to Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-12416
The GridServer Broker and GridServer Director components of TIBCO Software Inc.'s TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an unauthenticated user to perform cross-site request forgery (CSRF). Affected releases are TIBCO Software Inc. TIBCO DataSynapse GridServer Manager: versions up to and including 5.2.0; 6.0.0; 6.0.1; 6.0.2; 6.1.0; 6.1.1; 6.2.0; 6.3.0. Los componentes GridServer Broker y GridServer Director de TIBCO DataSynapse GridServer Manager, de TIBCO Software Inc., contienen vulnerabilidades que podrían permitir que un usuario no autenticado realice Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105913 https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-13-2018-tibco-datasynapse-gridserver-manager • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12415 – TIBCO Enterprise Message Service Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12415
The Central Administration server (emsca) component of TIBCO Software Inc.'s TIBCO Enterprise Message Service, TIBCO Enterprise Message Service - Community Edition, and TIBCO Enterprise Message Service - Developer Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Message Service: versions 8.4.0 and below, TIBCO Enterprise Message Service - Community Edition: versions 8.4.0 and below, and TIBCO Enterprise Message Service - Developer Edition: versions 8.4.0 and below. El componente del servidor Central Administration (emsca) de TIBCO Software Inc.' • http://www.securityfocus.com/bid/105850 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-enterprise-messaging-service • CWE-352: Cross-Site Request Forgery (CSRF) •