Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a privilege escalation vulnerability (CVE-2025-14915)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a privilege escalation vulnerability with the restConnector-1.0 or restConnector-2.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security (CVE-2025-14917)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a security vulnerability that could provide weaker than expected security when administering security settings with the appSecurity-1.0, appSecurity-2.0, appSecurity-3.0,...

EUVD-2019-2912

Malware in sbrugna...

EUVD-2021-15486

Malware in sbrugna...

EUVD-2019-2911

Malware in sbrugna...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability that could provide weaker than expected security due to crypto.js (CVE-2020-36732)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a vulnerability in the crypto.js library with the openidConnectServer-1.0 feature enabled. Vulnerability Details Refer to the security bulletins listed in the...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service due to Apache Commons FileUpload with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Vulnerability Details Refer ...

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service (CVE-2025-36047)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Enterprise Application Runtimes, is affected by a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Vulnerability Details Refer to the security...

CVE-2024-3331

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

CVE-2024-3331 Spotfire: NTLM token leakage

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

CVE-2024-3331 Spotfire: NTLM token leakage

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected...

CVE-2021-28830

The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace...

CVE-2021-23275

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfi...

CVE-2021-28830

The CVE-2021-28830 issue affects TIBCO Spotfire Server and related TIBCO Runtime for R components, where a local, low-privilege attacker with Windows access could abuse a component that searches for run-time artifacts outside the installation hierarchy to execute malicious software with elevated ...

CVE-2021-23275

CVE-2021-23275 concerns a Windows Installation component in TIBCO products (TIBCO Enterprise Runtime for R – Server Edition, Spotfire Server/Analytics Platform for AWS Marketplace, Spotfire Statistics Services, and Spotfire Server components). The vulnerability stems from a lack of access restric...

CVE-2021-23275 TIBCO Spotfire Windows Platform Installation vulnerability

The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfi...

Input validation

The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the...

CVE-2019-11211

CVE-2019-11211 affects TIBCO Enterprise Runtime for R - Server Edition (versions 1.2.0 and below) and TIBCO Spotfire Analytics Platform for AWS Marketplace (versions 10.4.0 and 10.5.0). The vulnerability exists in the server component when running with a containerized TERR service on Linux, where...

CVE-2019-11210

CVE-2019-11210 affects the server component of TIBCO Enterprise Runtime for R - Server Edition and TIBCO Spotfire Analytics Platform for AWS Marketplace. Affected: TR for R Server Edition v1.2.0 and earlier; Spotfire Analytics Platform for AWS Marketplace v10.4.0 and v10.5.0. Description: an unau...

TIBCO Software Spotfire Analytics Platform for AWS Marketplace and TIBCO Software Enterprise Runtime for R-Server Edition Input Validation Error Vulnerabilities

TIBCO Software Spotfire Analytics Platform for AWS Marketplace and TIBCO Software Enterprise Runtime for R-Server Edition are products of TIBCO Software, Inc. TIBCO Software Spotfire Analytics Platform for AWS Marketplace is a platform for visualizing and analyzing data for the cloud application...