CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-35498 – TIBCO EBX Insecure Login Mechanism
https://notcve.org/view.php?id=CVE-2021-35498
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and 5.9.14, TIBCO EBX: versions 6.0.0 and 6.0.1, and TIBCO Product and Service Catalog powered by TIBCO EBX: version 1.0.0. El componente TIBCO EBX Web Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/10/tibco-security-advisory-october-13-2021-tibco-ebx-2021-35498 • CWE-521: Weak Password Requirements •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23271 – TIBCO EBX Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-23271
The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.12 and below. El componente TIBCO EBX Web Server de TIBCO EBX de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite a un atacante poco privilegiado con acceso a la red ejecutar un ataque de tipo Cross Site Scripting (XSS) Almacenado en el sistema afectado. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/02/tibco-security-advisory-february-2-2021-tibco-ebx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27148 – TIBCO EBX EXML External Entity
https://notcve.org/view.php?id=CVE-2020-27148
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below. El Add-on TIBCO EBX para Oracle Hyperion EPM, el Add-on TIBCO EBX Data Exchange y los componentes del Add-on TIBCO EBX Insight de los complementos TIBCO EBX de TIBCO Software Inc. contienen una vulnerabilidad que teóricamente permite a un atacante poco privilegiado con acceso a la red para ejecutar un ataque de Entidad Externa XML (XXE). • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx https://www.tibco.com/support/advisories/2021/01/tibco-security-advisory-january-12-2021-tibco-ebx-add-ons • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 8.0EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17333 – TIBCO EBX Exposes Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-17333
The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.1.fixS and below, versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, and 5.9.7. El componente Web server de TIBCO EBX de TIBCO Software Inc, contiene una vulnerabilidad que teóricamente permite a usuarios autenticados llevar a cabo ataques de tipo cross-site scripting (XSS) almacenado. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2020/02/tibco-security-advisory-february-19-2020-tibco-ebx • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17332 – TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17332
The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. El componente Digital Asset Manager Web Interface de los Add-ons TIBCO EBX de TIBCO Software Inc. contiene una vulnerabilidad que teóricamente permite a usuarios autenticados realizar ataques de tipo cross-site scripting (XSS) almacenados. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •