
CVE-2022-22775 – TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-22775
17 May 2022 — The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: v... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-22773 – TIBCO JasperReports Server Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2022-22773
17 May 2022 — The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or ... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-22774 – TIBCO Managed File Transfer Command Center XXE Vulnerability
https://notcve.org/view.php?id=CVE-2022-22774
10 May 2022 — The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Cen... • https://www.tibco.com/services/support/advisories • CWE-611: Improper Restriction of XML External Entity Reference •

CVE-2022-22772 – TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22772
30 Mar 2022 — The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Tr... • https://www.tibco.com/services/support/advisories •

CVE-2022-22771 – TIBCO JasperReports Library Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2022-22771
15 Mar 2022 — The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version ... • https://www.tibco.com/services/support/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2022-22770 – TIBCO AuditSafe API Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-22770
15 Feb 2022 — The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below. • https://www.tibco.com/services/support/advisories •

CVE-2021-43050 – TIBCO BusinessConnect Container Edition administrative username and passwords leakage
https://notcve.org/view.php?id=CVE-2021-43050
15 Feb 2022 — The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. • https://www.tibco.com/services/support/advisories •

CVE-2021-43049 – TIBCO BusinessConnect Container Edition username and password leakage
https://notcve.org/view.php?id=CVE-2021-43049
15 Feb 2022 — The Database component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain the usernames and passwords of users of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. • https://www.tibco.com/services/support/advisories •

CVE-2022-22769 – TIBCO EBX vulnerabilities
https://notcve.org/view.php?id=CVE-2022-22769
19 Jan 2022 — The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO So... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-35500 – TIBCO Data Virtualization Arbitrary File Download vulnerability
https://notcve.org/view.php?id=CVE-2021-35500
12 Jan 2022 — The Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization, TIBCO Data Virtualization, TIBCO Data Virtualization, and TIBCO Data Virtualization for AWS Marketplace contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to download arbitrary files outside of the scope of the user's permissions on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.3.0 and below, TIBCO Data Virtua... • https://www.tibco.com/services/support/advisories •