CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26217 – TIBCO EBX Add-ons SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-26217
The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. • https://www.tibco.com/services/support/advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26215 – TIBCO EBX® Add-ons Path Traversal
https://notcve.org/view.php?id=CVE-2023-26215
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. • https://www.tibco.com/services/support/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26216 – TIBCO EBX Add-ons Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-26216
The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. • https://www.tibco.com/services/support/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-29268 – TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2023-29268
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0. • https://www.tibco.com/services/support/advisories • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26214 – TIBCO BusinessConnect Reflected XSS Vulnerability
https://notcve.org/view.php?id=CVE-2023-26214
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •