301 matches found
CVE-2022-41562
The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...
CVE-2022-41561
The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS...
CVE-2022-41560
The CVE-2022-41560 issue affects TIBCO Nimbus 10.5.0, specifically the Statement Set Upload via the Web Client. The vulnerability allows a low-privileged attacker with network access to cause a Denial of Service (hang/crash). The advisory indicates remediation by upgrading to Nimbus 10.5.1 or lat...
CVE-2022-41559
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from ...
Design/Logic Flaw
The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software...
Open redirect
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from ...
Cross site scripting
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server...
CVE-2022-30578
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting XSS on the affected system. A successful attack using this vulnerability requires human...
CVE-2022-30577
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting XSS on the affected system. A successful attack using this vulnerability requires human...
Cross site scripting
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting XSS on the affected system. A successful attack using this vulnerability requires human...
Cross site scripting
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting XSS on the affected system. A successful attack using this vulnerability requires human...
CVE-2022-30578
The CVE-2022-30578 vulnerability affects the Web Server component of TIBCO EBX Add-ons, with versions 5.4.1 and earlier being vulnerable. The issue enables a stored XSS condition that an attacker with network access and low privileges can trigger, requiring user interaction for exploitation. A fi...
CVE-2022-30579
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...
Server side request forgery (ssrf)
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...
CVE-2022-30579
The CVE-2022-30579 affects TIBCO Spotfire: Web Player component in Spotfire Analytics Platform for AWS Marketplace and Spotfire Server (both v12.0.0). A low-privilege, network-connected attacker can trigger a blind Server-Side Request Forgery (SSRF) on the affected system. The vulnerability is de...
TIBCO Security Advisory: September 21, 2022 - TIBCO EBX -CVE-2022-30577
TIBCO EBX Stored XSS vulnerability Original release date: September 21, 2022 Lastrevised: --- CVE-2022-30577 Source: TIBCOSoftware Inc. Products Affected TIBCO EBX versions 6.0.0 through 6.0.8 The following component is affected: Web Server Description The component listed above contains an easil...
TIBCO JasperReports Server 8.0.2 Community Edition Code Execution
Advisory ID: SYSS-2022-041 Product: JasperReports Server Manufacturer: TIBCO Software Inc. Tested Versions: 8.0.2 Community Edition Vulnerability Type: CWE-502: Deserialization of Untrusted Data Risk Level: High Solution Status: Fixed Manufacturer Notification: 2022-06-10 Solution Date: 2022-08-1...
Cross site scripting
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site...
CVE-2022-30576
The CVE-2022-30576 affects TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial, specifically the Web Console component. The root cause is a stored Cross Site Scripting (XSS) vulnerability that an attacker with network access and low priv...
CVE-2022-30573 TIBCO FTL Privilege Escalation
The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a...