CVE-2012-0688
https://notcve.org/view.php?id=CVE-2012-0688
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anterioes a 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, y BPM anteriores a 1.3.0. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través de vectores desconocidos. • http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-0689
https://notcve.org/view.php?id=CVE-2012-0689
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors. El servidor de TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0 permite a atacantes remotos obtener credenciales a través de vectores sin especificar. • http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-0687
https://notcve.org/view.php?id=CVE-2012-0687
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL. TIBCO ActiveMatrix Runtime Platform de Service Grid y Service Bus 2.x anteriores a 2.3.2 y BusinessWorks Service Engine anteriores a 5.8.2; TIBCO ActiveMatrix Platform de TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid y Service Bus 3.x anteriores a 3.1.5, BusinessWorks Service Engine 5.9.x anteriores a 5.9.3, y BPM anteriores a 1.3.0; TIBCO BusinessEvents Runtime de Enterprise y Inference Editions 3.x anteriores a 3.0.3, Standard Edition 4.x anteriores a 4.0.2, y Standard Edition y Express 5.0.0; y TIBCO BusinessWorks Engine de TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 y ActiveMatrix BusinessWorks anteriores a 5.9.3 permiten a atacantes remotos obtener información confidencial a través de una URL modificada. • http://www.tibco.com/multimedia/activematrix2_advisory_20120308_tcm8-15726.txt http://www.tibco.com/multimedia/activematrix3_advisory_20120308_tcm8-15728.txt http://www.tibco.com/multimedia/businessevents_advisory_20120308_tcm8-15729.txt http://www.tibco.com/multimedia/businessworks_advisory_20120308_tcm8-15730.txt http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2011-0649
https://notcve.org/view.php?id=CVE-2011-0649
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd). Múltiples vulnerabilidades no especificadas en Rendezvous versiones 8.2.1 hasta 8.3.0, Enterprise Message Service (EMS) versiones 5.1.0 hasta 6.0.0, Runtime Agent (TRA) versiones 5.6.2 hasta 5.7.0, Silver BPM Service anterior a versión 1.0.4, Silver CAP Service anterior a versión 1.0.2 y Silver BusinessWorks Service versión 1.0.0, de TIBCO, cuando son ejecutados en sistemas Unix, permiten a los usuarios locales alcanzar privilegios root por medio de vectores desconocidos relacionados con el SUID y (1) Demonio de Enrutamiento de Rendezvous (rvrd), (2) Demonio de Seguridad de Rendezvous (rvsd), (3) Demonio de Enrutamiento de Seguridad de Rendezvous (rvsrd), y (4) Servidor EMS (tibemsd). • http://secunia.com/advisories/43160 http://secunia.com/advisories/43174 http://www.securityfocus.com/bid/46104 http://www.tibco.com/multimedia/rv_ems_security_advisory_20110201_tcm8-13185.txt http://www.vupen.com/english/advisories/2011/0269 https://exchange.xforce.ibmcloud.com/vulnerabilities/65105 •
CVE-2010-4495
https://notcve.org/view.php?id=CVE-2010-4495
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. Vulnerabilidad no especificada en el componente Runtime ActiveMatrix de TIBCO ActiveMatrix Service Grid v3.0.0, v3.0.1 y v3.1.0; ActiveMatrix Service Bus v3.0.0 y v3.0.1; ActiveMatrix BusinessWorks Service Engine v5.9.0, v1.0.1 y ActiveMatrix BPM v1.0.2, Silver BPM Service v1.0.1, y de Silver CAP Service v1.0.0 permite a usuarios remotos autenticados para ejecutar código arbitrario a través de vectores relacionados con las conexiones JMX. • http://secunia.com/advisories/42640 http://www.securityfocus.com/bid/45400 http://www.securitytracker.com/id?1024894 http://www.tibco.com/multimedia/activematrix_advisory_20101214_tcm8-12728.txt http://www.vupen.com/english/advisories/2010/3241 •