CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-26217 – TIBCO EBX Add-ons SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2023-26217
19 Jul 2023 — The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. • https://www.tibco.com/services/support/advisories • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26215 – TIBCO EBX® Add-ons Path Traversal
https://notcve.org/view.php?id=CVE-2023-26215
25 May 2023 — The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. • https://www.tibco.com/services/support/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-203: Observable Discrepancy •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26216 – TIBCO EBX Add-ons Arbitrary File Write
https://notcve.org/view.php?id=CVE-2023-26216
25 May 2023 — The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. • https://www.tibco.com/services/support/advisories • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41566 – TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-41566
22 Feb 2023 — The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below. • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-30578 – TIBCO EBX Add-ons Stored XSS vulnerability
https://notcve.org/view.php?id=CVE-2022-30578
21 Sep 2022 — The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below. • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 45EXPL: 0CVE-2022-22769 – TIBCO EBX vulnerabilities
https://notcve.org/view.php?id=CVE-2022-22769
19 Jan 2022 — The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add-ons, TIBCO EBX Add-ons, TIBCO EBX Add-ons, and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO So... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-27148 – TIBCO EBX EXML External Entity
https://notcve.org/view.php?id=CVE-2020-27148
12 Jan 2021 — The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below. El Add-on TIBCO EBX para Oracle Hyperion EPM, el Add-on TIBCO EBX Data Exchange y los componentes del Add-on TIBCO EBX... • http://www.tibco.com/services/support/advisories • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17332 – TIBCO EBX Add-on For Digital Asset Manager Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17332
12 Nov 2019 — The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2. El componente Digital Asset Manager Web Interface de los Add-ons TIBCO EBX de TIBCO Software Inc. contiene una vulnerabilidad que teóricamente permite a... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-17331 – TIBCO EBX Add-on For Data Exchange Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-17331
12 Nov 2019 — The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0. El componente Data Exchange Web Interface de los Add-ons TIBCO EBX de TIBCO Software Inc. contiene una vulnerabilidad que teóricamente permite a usuarios autenticados realizar ataques de... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •