CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-2075
https://notcve.org/view.php?id=CVE-2014-2075
TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK 1.0.0 do not properly enforce administrative authentication requirements, which allows remote attackers to execute arbitrary commands via unspecified vectors. TIBCO Enterprise Administrator 1.0.0 y Enterprise Administrator SDK 1.0.0 no fuerza debidamente los requisitos de autenticación administrativa, lo que permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/enterprise_administator_advisory_20140226_tcm8-20533.txt • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-3315
https://notcve.org/view.php?id=CVE-2013-3315
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors. El servidor TIBCO Silver Mobile v1.1.0 no verifica de forma adecuada el acceso al rol de administrador antes de ejecutar un comando, lo que permite a usuarios autenticados a aumentar privilegios de a través de vectores no especificados. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/silver-mobile-advisory-2013-05-08_tcm8-18595.txt http://www.tibco.com/services/support/advisories/silver-mobile-advisory_20130508.jsp • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2013-2372
https://notcve.org/view.php?id=CVE-2013-2372
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Engine de TIBCO Spotfire Web Player v3.3.x anterior a v3.3.3, v4.0.x anterior a v4.0.3, v4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 que permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2013-2371
https://notcve.org/view.php?id=CVE-2013-2371
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request. La API Web en el Statistics Server en TIBCO Spotfire Statistics Services v3.3.x anterior a v3.3.1, v4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 permite a atacantes remotos obtener información sensible mediante una solicitud HTTP. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire-statistics-services-advisory-2013-03-12_tcm8-18479.txt http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2013-2373
https://notcve.org/view.php?id=CVE-2013-2373
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. El Engine en TIBCO Spotfire Web Player v3.3.x anterior a v3.3.3, v4.0.x anterior a v4.0.3, 4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 no aplica correctamente el control de acceso, lo que permite a atacantes remotos obtener información sensible o modificar datos a través de vectores no especificados. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp • CWE-264: Permissions, Privileges, and Access Controls •