
CVE-2021-43055 – TIBCO eFTL Token Caching Vulnerability
https://notcve.org/view.php?id=CVE-2021-43055
11 Jan 2022 — The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFTL - Enterprise Edition: versions ...
https://www.tibco.com/services/support/advisories

CVE-2021-43054 – TIBCO eFTL Token Generation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43054
11 Jan 2022 — The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions. Affected releases are TIBCO Software Inc.'s TIBCO eFTL - Community Edition: versions 6.7.2 and below, TIBCO eFTL - Developer Edition: versions 6.7.2 and below, and TIBCO eFT...
https://www.tibco.com/services/support/advisories

CVE-2021-43053 – TIBCO FTL Secret Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2021-43053
11 Jan 2022 — The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - ...
https://www.tibco.com/services/support/advisories

CVE-2021-43052 – TIBCO FTL Secret Generation Vulnerability
https://notcve.org/view.php?id=CVE-2021-43052
11 Jan 2022 — The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versio...
https://www.tibco.com/services/support/advisories
CWE-798: Use of Hard-coded Credentials

CVE-2021-43051 – TIBCO Spotfire Server API Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-43051
14 Dec 2021 — The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and...
https://www.tibco.com/services/support/advisories

CVE-2021-43048 – TIBCO PartnerExpress Click-Jacking vulnerability
https://notcve.org/view.php?id=CVE-2021-43048
16 Nov 2021 — The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain a vulnerability that theoretically allows an unauthenticated attacker with network access to execute a clickjacking attack on the affected system. A successful attack using this vulnerability does not require human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
https://www.tibco.com/services/support/advisories
CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE-2021-43047 – TIBCO PartnerExpress Cross Site Scripting vulnerabilities
https://notcve.org/view.php?id=CVE-2021-43047
16 Nov 2021 — The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc....
https://www.tibco.com/services/support/advisories
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-43046 – TIBCO PartnerExpress Session Token in URL
https://notcve.org/view.php?id=CVE-2021-43046
16 Nov 2021 — The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to obtain session tokens for the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below.
https://www.tibco.com/services/support/advisories

CVE-2021-35499 – TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities
https://notcve.org/view.php?id=CVE-2021-35499
26 Oct 2021 — The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below....
https://www.tibco.com/services/support/advisories
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-35498 – TIBCO EBX Insecure Login Mechanism
https://notcve.org/view.php?id=CVE-2021-35498
13 Oct 2021 — The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and TIBCO Product and Service Catalog powered by TIBCO EBX contains a vulnerability that under certain specific conditions allows an attacker to enter a password other than the legitimate password and it will be accepted as valid. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.8.123 and below, TIBCO EBX: versions 5.9.3, 5.9.4, 5.9.5, 5.9.6, 5.9.7, 5.9.8, 5.9.9, 5.9.10, 5.9.11, 5.9.12, 5.9.13, and ...
https://www.tibco.com/services/support/advisories
CWE-521: Weak Password Requirements