CVE-2024-10218 – TIBCO Hawk Stored-XEE Vulnerability
https://notcve.org/view.php?id=CVE-2024-10218
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2024-10217 – TIBCO Hawk Stored-XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-10217
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2024-1137 – TIBCO ActiveSpaces Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2024-1137
The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. Los componentes Proxy y Cliente de TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc. contienen una vulnerabilidad que, en teoría, permite a un cliente de Active Spaces observar pasivamente el tráfico de datos hacia otros clientes. • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208 • CWE-862: Missing Authorization •
CVE-2024-1138 – TIBCO FTL Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-1138
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. El componente del servidor FTL de TIBCO FTL - Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que permite a un atacante con pocos privilegios y acceso a la red ejecutar una escalada de privilegios en el servidor ftl afectado. • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207 •