CVE-2022-22774 – TIBCO Managed File Transfer Command Center XXE Vulnerability
https://notcve.org/view.php?id=CVE-2022-22774
The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1. Los componentes DOM XML parser y SAX XML parser de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/05/tibco-security-advisory-may-10-2022-tibco-mftcc-2022-22774 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-22772 – TIBCO Managed File Transfer Platform Server Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below. Los componentes cfsend, cfrecv y CyberResp de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-30-2022-tibco-managed-file-transfer-2022-22772 •
CVE-2022-22771 – TIBCO JasperReports Library Directory Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2022-22771
The Server component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1. El componente Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/03/tibco-security-advisory-march-15-2022-tibco-jasperreports-library-2022-22771 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2022-22770 – TIBCO AuditSafe API Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-22770
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and below. El componente Web Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories •
CVE-2021-43050 – TIBCO BusinessConnect Container Edition administrative username and passwords leakage
https://notcve.org/view.php?id=CVE-2021-43050
The Auth Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition contains an easily exploitable vulnerability that allows an unauthenticated attacker with local access to obtain administrative usernames and passwords for the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Container Edition: versions 1.1.0 and below. El componente Auth Server de TIBCO Software Inc.' • https://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2022/01/tibco-security-advisory-february-15-2022-tibco-bcce-2021-43050 •