CVSS: 5.5EPSS: 0%CPEs: 29EXPL: 0CVE-2023-26220 – TIBCO Spotfire Stored Cross-site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2023-26220
10 Oct 2023 — The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 29EXPL: 0CVE-2022-41558 – TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-41558
15 Nov 2022 — The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful at... • https://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2021-43051 – TIBCO Spotfire Server API Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-43051
14 Dec 2021 — The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions 10.10.6 and... • https://www.tibco.com/services/support/advisories •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-28830 – TIBCO Spotfire Windows Platform Artifact Search vulnerability
https://notcve.org/view.php?id=CVE-2021-28830
29 Jun 2021 — The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theo... • http://www.tibco.com/services/support/advisories •
CVSS: 8.8EPSS: 0%CPEs: 32EXPL: 0CVE-2021-23275 – TIBCO Spotfire Windows Platform Installation vulnerability
https://notcve.org/view.php?id=CVE-2021-23275
29 Jun 2021 — The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged at... • http://www.tibco.com/services/support/advisories • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.0EPSS: 0%CPEs: 30EXPL: 0CVE-2021-23273 – TIBCO Spotfire Cross Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2021-23273
09 Mar 2021 — The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.9EPSS: 0%CPEs: 22EXPL: 0CVE-2020-9408 – TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9408
11 Mar 2020 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arb... • http://www.tibco.com/services/support/advisories • CWE-276: Incorrect Default Permissions •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2019-17337 – TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17337
17 Dec 2019 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 18EXPL: 0CVE-2019-17336 – TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources
https://notcve.org/view.php?id=CVE-2019-17336
17 Dec 2019 — The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software I... • http://www.tibco.com/services/support/advisories •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-17335 – TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users
https://notcve.org/view.php?id=CVE-2019-17335
17 Dec 2019 — The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6... • http://www.tibco.com/services/support/advisories •