CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-5531
https://notcve.org/view.php?id=CVE-2017-5531
Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications. Despliegues de TIBCO Managed File Transfer Command Center en versiones 8.0.0 y 8.0.1 y TIBCO Managed File Transfer Internet Server en versiones 8.0.0 y 8.0.1 que habilitan el servicio administrador se pueden ver afectados por una vulnerabilidad que puede permitir a cualquier usuario autenticado obtener control administrativo de las aplicaciones web Managed File Transfer. • http://www.securityfocus.com/bid/101545 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2017/10/tibco-security-advisory-october-17-2017-tibco-managed-file-transfer •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2017-5528 – TIBCO JasperReports Server cross-site vulnerabilities
https://notcve.org/view.php?id=CVE-2017-5528
Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. Affects TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, and 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.2.0 and below), and TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.2.0 and below). Múltiples componentes JasperReports Server contienen vulnerabilidades que podrían permitir que usuarios autorizados realicen ataques de Cross-Site Scripting (XSS) y Cross-Site Request Forgery (CSRF). El impacto de esta vulnerabilidad incluye la revelación teórica de información sensible. • https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2017-5529 – TIBCO JasperReports Library Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5529
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below), TIBCO JasperReports Library for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO JasperReports Professional (versions 6.2.1 and below, and 6.3.0), TIBCO JasperReports Server (versions 6.1.1 and below, 6.2.0, 6.2.1, 6.3.0), TIBCO JasperReports Server Community Edition (versions 6.3.0 and below), TIBCO JasperReports Server for ActiveMatrix BPM (versions 6.2.0 and below), TIBCO Jaspersoft for AWS with Multi-Tenancy (versions 6.3.0 and below), TIBCO Jaspersoft Reporting and Analytics for AWS (versions 6.3.0 and below), and TIBCO Jaspersoft Studio for ActiveMatrix BPM (versions 6.2.0 and below). Los componentes de la biblioteca JasperReports contienen una vulnerabilidad de divulgación de información. Esta vulnerabilidad incluye la divulgación, en teoría, de cualquier información accesible desde el sistema de archivos del host. • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5527 – TIBCO Spotfire injection vulnerabilities
https://notcve.org/view.php?id=CVE-2017-5527
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spotfire Analytics Platform versión 7.8.0 y anteriores, de TIBCO para AWS Marketplace, contienen varias vulnerabilidades que pueden permitir a los usuarios autorizados realizar ataques de inyección SQL. • http://www.securityfocus.com/bid/98398 http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3628
https://notcve.org/view.php?id=CVE-2016-3628
Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data. Desbordamiento de buffer en tibemsd en el servidor en TIBCO Enterprise Message Service (EMS) en versiones anteriores a 8.3.0 y EMS Appliance en versiones anteriores a 2.4.0 permite a usuarios remotos autenticados causar una denegación de servicio o posiblemente ejecutar código arbitrario a través de datos entrantes manipulados. • http://www.tibco.com/assets/blt8a2d9978616c21fe/2016-001-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •