CVE-2024-10218 – TIBCO Hawk Stored-XEE Vulnerability
https://notcve.org/view.php?id=CVE-2024-10218
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories
CVE-2024-10217 – TIBCO Hawk Stored-XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-10217
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4576 – TIBCO EBX File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2024-4576
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. • https://community.tibco.com/advisories/tibco-security-advisory-june-11-2024-tibco-ebx-cve-2024-4576-r215 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2024-3182
https://notcve.org/view.php?id=CVE-2024-3182
An install-type password disclosure vulnerability in the Universal Installer, including the Silent Installer, in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows a user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files. • https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-3323 – Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-3323
Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows the injection of malicious executable scripts into the code of a trusted application, which may lead to theft of the user's active session cookie by sending a malicious link and enticing the user to interact. • https://community.tibco.com/advisories/tibco-security-advisory-april-9-2024-tibco-jasperreports-server-cve-2024-3323-r209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')