CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2021-28829 – TIBCO Administrator CSV injection vulnerability
https://notcve.org/view.php?id=CVE-2021-28829
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a persistent CSV injection attack from the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28829 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-28828 – TIBCO Administrator SQL injection vulnerability
https://notcve.org/view.php?id=CVE-2021-28828
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, and TIBCO Administrator - Enterprise Edition for z/Linux contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a SQL injection attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, and TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1. El componente GUI de Administración de TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution para TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution para TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition para z/Linux y TIBCO Administrator - Enterprise Edition para z/Linux de TIBCO Software Inc, contiene una vulnerabilidad fácilmente explotable que permite a un atacante poco privilegiado con acceso a la red ejecutar un ataque de inyección SQL en el sistema afectado. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28828 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.6EPSS: 0%CPEs: 15EXPL: 0CVE-2021-28827 – TIBCO Administrator Stored Cross Site Scripting vulnerability
https://notcve.org/view.php?id=CVE-2021-28827
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime Agent for z/Linux contains an easily exploitable vulnerability that allows an unauthenticated attacker to social engineer a legitimate user with network access to execute a Stored XSS attack targeting the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric: versions 5.11.0 and 5.11.1, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.10.2 and below, TIBCO Administrator - Enterprise Edition for z/Linux: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent: versions 5.10.2 and below, TIBCO Runtime Agent: versions 5.11.0 and 5.11.1, TIBCO Runtime Agent for z/Linux: versions 5.10.2 and below, and TIBCO Runtime Agent for z/Linux: versions 5.11.0 and 5.11.1. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2021/04/tibco-security-advisory-april-20-2021-tibco-administrator-2021-28827 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.0EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5432 – TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2018-5432
The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. El componente del servidor TIBCO Administrator de TIBCO Administrator - Enterprise Edition y TIBCO Administrator - Enterprise Edition para z/Linux, de TIBCO Software Inc., contiene múltiples vulnerabilidades por las que un usuario malicioso podría, teóricamente, realizar ataques de Cross-Site Scripting (XSS) manipulando artefactos antes de subirlos. • http://www.securityfocus.com/bid/104458 https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-5433 – XML eXternal Entity Expansion Vulnerabilities with TIBCO Administrator
https://notcve.org/view.php?id=CVE-2018-5433
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1. El componente del servidor TIBCO Administrator de TIBCO Administrator - Enterprise Edition y TIBCO Administrator - Enterprise Edition para z/Linux, de TIBCO Software Inc., contiene vulnerabilidades por las que un usuario malicioso podría realizar ataques de XEE (XML External Entity) para revelar información de la máquina host. • http://www.securityfocus.com/bid/104451 https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5433 • CWE-611: Improper Restriction of XML External Entity Reference •