CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10218 – TIBCO Hawk Stored-XEE Vulnerability
https://notcve.org/view.php?id=CVE-2024-10218
12 Nov 2024 — XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10217 – TIBCO Hawk Stored-XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-10217
12 Nov 2024 — XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1137 – TIBCO ActiveSpaces Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2024-1137
12 Mar 2024 — The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. Los componentes Proxy y Cliente de TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc. contienen una vulnerabilidad que, en teoría, permite a un cliente de Active ... • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1138 – TIBCO FTL Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-1138
12 Mar 2024 — The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. El componente del servidor FTL de TIBCO FTL - Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que permite a un atacante con pocos privilegios y acceso a la red ej... • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207 • CWE-269: Improper Privilege Management •