CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10218 – TIBCO Hawk Stored-XEE Vulnerability
https://notcve.org/view.php?id=CVE-2024-10218
12 Nov 2024 — XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 9.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-10217 – TIBCO Hawk Stored-XSS Vulnerability
https://notcve.org/view.php?id=CVE-2024-10217
12 Nov 2024 — XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence • https://community.tibco.com/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4576 – TIBCO EBX File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2024-4576
13 Jun 2024 — The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. El componente enumerado anteriormente contiene una vulnerabilidad que permite a un atacante atravesar directorios y acceder a archivos confidenciales, lo que lleva a la divulgación no autorizada de la configuración del sistema e información potencialmente confidencial. • https://community.tibco.com/advisories/tibco-security-advisory-june-11-2024-tibco-ebx-cve-2024-4576-r215 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3182
https://notcve.org/view.php?id=CVE-2024-3182
15 May 2024 — Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files. Vulnerabilidad de divulgación de contraseña de tipo de instalación en Universal Installer, incluido Silent Installer en TIBCO Hawk versiones 6.2.0, 6.2.1, 6.2.2 y 6.2.3, permite que la contraseña del Enterprise Message Service ... • https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3323 – Reflected Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-3323
17 Apr 2024 — Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending malicious link, enticing the user to interact. Cross Site Scripting en la validación de solicitud/respuesta de UI en TIBCO JasperReports Server 8.0.4 y 8.2.0 permite la inyección de scripts ejecutables maliciosos en el código de una apli... • https://community.tibco.com/advisories/tibco-security-advisory-april-9-2024-tibco-jasperreports-server-cve-2024-3323-r209 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1137 – TIBCO ActiveSpaces Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2024-1137
12 Mar 2024 — The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. Los componentes Proxy y Cliente de TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc. contienen una vulnerabilidad que, en teoría, permite a un cliente de Active ... • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208 • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1138 – TIBCO FTL Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-1138
12 Mar 2024 — The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. El componente del servidor FTL de TIBCO FTL - Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que permite a un atacante con pocos privilegios y acceso a la red ej... • https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207 • CWE-269: Improper Privilege Management •
CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26222 – TIBCO EBX Cross-site Scripting (XXS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-26222
14 Nov 2023 — The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below. El componente Web Application de TIBCO Soft... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-26221 – TIBCO Spotfire Insufficiently Protected Credential vulnerability
https://notcve.org/view.php?id=CVE-2023-26221
08 Nov 2023 — The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 1... • https://www.tibco.com/services/support/advisories • CWE-522: Insufficiently Protected Credentials •
CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26219 – TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26219
24 Oct 2023 — The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6... • https://www.tibco.com/services/support/advisories • CWE-798: Use of Hard-coded Credentials •