CVE-2018-5435 – TIBCO Spotfire Product Family Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5435
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435
CVE-2018-5428 – TIBCO Data Virtualization Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2018-5428
The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6. • http://www.securityfocus.com/bid/104518 https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-20-2018-tibco-data-virtualization • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2018-5434 – XML eXternal Entity Expansion Vulnerabilities with TIBCO Runtime Agent
https://notcve.org/view.php?id=CVE-2018-5434
The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Runtime Agent: versions up to and including 5.10.0, and TIBCO Runtime Agent for z/Linux: versions up to and including 5.9.1. • http://www.securityfocus.com/bid/104454 https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-runtime-agent-2018-5434 • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-5432 – TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-5432
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. • http://www.securityfocus.com/bid/104458 https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5433 – XML eXternal Entity Expansion Vulnerabilities with TIBCO Administrator
https://notcve.org/view.php?id=CVE-2018-5433
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. • http://www.securityfocus.com/bid/104451 https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5433 • CWE-611: Improper Restriction of XML External Entity Reference