CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-8990 – TIBCO ActiveMatrix BusinessWorks Fails To Properly Enforce Authentication
https://notcve.org/view.php?id=CVE-2019-8990
09 Apr 2019 — The HTTP Connector component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks contains a vulnerability that theoretically allows unauthenticated HTTP requests to be processed by the BusinessWorks engine even when authentication is required. This possibility is restricted to circumstances where HTTP "Basic Authentication" policy is used in conjunction with an XML Authentication resource. The BusinessWorks engine might instead use credentials from a prior HTTP request for authorization purposes. Affe... • http://www.securityfocus.com/bid/107840 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-12408 – TIBCO ActiveMatrix BusinessWorks 5.X XML eXternal Entity Vulnerability
https://notcve.org/view.php?id=CVE-2018-12408
08 Aug 2018 — The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13... • http://www.securityfocus.com/bid/105043 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2012-0688
https://notcve.org/view.php?id=CVE-2012-0688
13 Mar 2012 — Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, ... • http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2012-0687
https://notcve.org/view.php?id=CVE-2012-0687
13 Mar 2012 — TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TI... • http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-0689
https://notcve.org/view.php?id=CVE-2012-0689
13 Mar 2012 — The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors. El servidor de TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a ... • http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 1%CPEs: 10EXPL: 0CVE-2010-4495
https://notcve.org/view.php?id=CVE-2010-4495
17 Dec 2010 — Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. Vulnerabilidad no especificada en el componente Runtime ActiveMatrix de TIBCO ActiveMatrix Service Grid v3.0... • http://secunia.com/advisories/42640 •
CVSS: 10.0EPSS: 6%CPEs: 4EXPL: 0CVE-2010-3491
https://notcve.org/view.php?id=CVE-2010-3491
26 Oct 2010 — The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors. Los componentes (1) ActiveMatrix Runtime y(2) ActiveMa... • http://secunia.com/advisories/41891 • CWE-20: Improper Input Validation •