CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-12414 – TIBCO Rendezvous Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12414
The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache), and Rendezvous Daemon Manager (rvdm) components of TIBCO Software Inc.'s TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server, TIBCO Substation ES contain vulnerabilities which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Rendezvous: versions up to and including 8.4.5, TIBCO Rendezvous Developer Edition: versions up to and including 8.4.5, TIBCO Rendezvous for z/Linux: versions up to and including 8.4.5, TIBCO Rendezvous for z/OS: versions up to and including 8.4.5, TIBCO Rendezvous Network Server: versions up to and including 1.1.2, and TIBCO Substation ES: versions up to and including 2.12.2. Los componentes Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon (rvrsd), Rendezvous Secure Daemon (rvsd), Rendezvous Cache (rvcache) y Rendezvous Daemon Manager (rvdm) de TIBCO Rendezvous, TIBCO Rendezvous Developer Edition, TIBCO Rendezvous for z/Linux, TIBCO Rendezvous for z/OS, TIBCO Rendezvous Network Server y TIBCO Substation ES, de TIBCO Software Inc., contiene vulnerabilidades que podrían permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105871 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-rendezvous • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-12413 – TIBCO Messaging - Apache Kafka Distribution - Schema Repository Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12413
The Schema repository server (tibschemad) component of TIBCO Software Inc.'s TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition: 1.0.0, and TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition: 1.0.0. El componente del servidor del repositorio Schema (tibrealmserver) de TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Community Edition y TIBCO Messaging - Apache Kafka Distribution - Schema Repository - Enterprise Edition, de TIBCO Software Inc., contiene una vulnerabilidad que podría permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105874 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-messaging-apache-kafka-distribution-schema-repository • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12412 – TIBCO FTL Realm Server Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12412
The realm server (tibrealmserver) component of TIBCO Software Inc. TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc. TIBCO FTL - Community Edition: versions up to and including 5.4.0, TIBCO FTL - Developer Edition: versions up to and including 5.4.0, TIBCO FTL - Enterprise Edition: versions up to and including 5.4.0. El componente del servidor del realm (tibrealmserver) de TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition y TIBCO FTL - Enterprise Edition, de TIBCO Software Inc., contiene una vulnerabilidad que podría permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105861 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-ftl • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-12411 – TIBCO ActiveSpaces Administrative Daemon Vulnerable to CSRF Attacks
https://notcve.org/view.php?id=CVE-2018-12411
The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition, and TIBCO ActiveSpaces - Enterprise Edition contains a vulnerability which may allow an attacker to perform cross-site request forgery (CSRF) attacks. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Community Edition: 3.3.0; 3.4.0; 3.5.0, TIBCO ActiveSpaces - Developer Edition: 3.0.0; 3.1.0; 3.3.0; 3.4.0; 3.5.0, and TIBCO ActiveSpaces - Enterprise Edition: 3.0.0; 3.1.0; 3.2.0; 3.3.0; 3.4.0; 3.5.0. El demonio administrativo (tibdgadmind) de TIBCO ActiveSpaces - Community Edition, TIBCO ActiveSpaces - Developer Edition y TIBCO ActiveSpaces - Enterprise Edition, de TIBCO Software Inc., contiene una vulnerabilidad que podría permitir que un atacante realice ataques de Cross-Site Request Forgery (CSRF). • http://www.securityfocus.com/bid/105869 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/11/tibco-security-advisory-november-6-2018-tibco-activespaces • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-12410 – TIBCO Spotfire Statistics Services remote execution vulnerabilities
https://notcve.org/view.php?id=CVE-2018-12410
The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0. El componente web server de Spotfire Statistics Services, de TIBCO Software, contiene múltiples vulnerabilidades que podrían permitir la ejecución remota de código. • http://www.securityfocus.com/bid/105558 https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics •