CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3133
https://notcve.org/view.php?id=CVE-2011-3133
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de tipo session fixation en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos secuestrar sesiones web a traves de vectores no especificados. • http://secunia.com/advisories/45864 http://www.securitytracker.com/id?1025999 http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt http://www.tibco.com/services/support/advisories/default.jsp •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3134
https://notcve.org/view.php?id=CVE-2011-3134
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. Vulnerabilidad no especificada en TIBICO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, y Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos modificar datos y obtener informacion sensible a través de una URL modificada • http://secunia.com/advisories/45864 http://www.securitytracker.com/id?1025999 http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt http://www.tibco.com/services/support/advisories/default.jsp •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3132
https://notcve.org/view.php?id=CVE-2011-3132
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos inyectar secuencias de comandos web y HTML a traves de vectores no especificados. • http://secunia.com/advisories/45864 http://www.securitytracker.com/id?1025999 http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt http://www.tibco.com/services/support/advisories/default.jsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •