NotCVE - vendor:"Tibco" product:"Web Player" version:"4.5.0"

4 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2015-9288

https://notcve.org/view.php?id=CVE-2015-9288

29 Jul 2019 — The Unity Web Player plugin before 4.6.6f2 and 5.x before 5.0.3f2 allows attackers to read messages or access online services via a victim's credentials El plugin Unity Web Player anterior a versión 4.6.6f2 y versiones 5.x anteriores a 5.0.3f2, permite a los atacantes leer mensajes o acceder a servicios en línea por medio de credenciales de una víctima • https://blogs.unity3d.com/2015/06/06/security-update-coming-for-web-player • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 1%CPEs: 37EXPL: 0

CVE-2014-2544

https://notcve.org/view.php?id=CVE-2014-2544

09 Apr 2014 — Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Se... • http://www.tibco.com/mk/advisory.jsp •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2013-2372

https://notcve.org/view.php?id=CVE-2013-2372

15 Mar 2013 — Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Engine de TIBCO Spotfire Web Player v3.3.x anterior a v3.3.3, v4.0.x anterior a v4.0.3, v4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 que permite a atacantes remotos... • http://www.tibco.com/mk/advisory.jsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0

CVE-2013-2373

https://notcve.org/view.php?id=CVE-2013-2373

15 Mar 2013 — The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. El Engine en TIBCO Spotfire Web Player v3.3.x anterior a v3.3.3, v4.0.x anterior a v4.0.3, 4.5.x anterior a v4.5.1, y v5.0.x anterior a v5.0.1 no aplica correctamente el control de acceso, lo que permite a atacantes remotos obtener información... • http://www.tibco.com/mk/advisory.jsp • CWE-264: Permissions, Privileges, and Access Controls •