3 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en TIBCO iProcess Engine antes de v11.1.3 y iProcess Workspace antes de v 11.3.1, permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://osvdb.org/72554 http://secunia.com/advisories/44639 http://www.securityfocus.com/bid/47921 http://www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt http://www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp http://www.vupen.com/english/advisories/2011/1272 https://exchange.xforce.ibmcloud.com/vulnerabilities/67538 •

CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0

Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en TIBCO iProcess Engine antes de v11.1.3 y iProcess Workspace antes de v11.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://osvdb.org/72553 http://secunia.com/advisories/44639 http://www.securityfocus.com/bid/47921 http://www.tibco.com/multimedia/iprocess_advisory_20110518_tcm8-13710.txt http://www.tibco.com/services/support/advisories/iprocess-advisory_20110518.jsp http://www.vupen.com/english/advisories/2011/1272 https://exchange.xforce.ibmcloud.com/vulnerabilities/67537 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 5%CPEs: 22EXPL: 0

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Hawk (1) la librería AMI C (libtibhawkami) y (2) Hawk HMA (tibhawkhma), como se usan en TIBCO Hawk antes de 4.8.1; Runtime Agent (TRA) anterior a 5.6.0; iProcess Engine de 10.3.0 a 10.6.2 y 11.0.0; y Mainframe Service Tracker anterior a 1.1.0 podría permitir a atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/31618 http://www.securityfocus.com/bid/30836 http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt http://www.vupen.com/english/advisories/2008/2448 https://exchange.xforce.ibmcloud.com/vulnerabilities/44604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •