cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-3323,https://securityvulnerability.io/vulnerability/CVE-2024-3323,TIBCO JasperReports Server vulnerable to Cross-Site Scripting Attacks,"A Cross Site Scripting (XSS) vulnerability has been identified in the user interface request and response validation mechanisms of TIBCO JasperReports Server versions 8.0.4 and 8.2.0. This flaw permits an attacker to inject malicious executable scripts into the trusted application’s environment. Such exploitation can result in unauthorized access to the user's session by stealing their active session cookie. Users may be enticed to interact with a fraudulent link, which triggers the execution of malicious scripts within the context of the application, compromising their session security and potentially leading to further attacks or unauthorized data exposure.",Tibco,Jasperreports Server,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-17T18:53:21.348Z,0
CVE-2024-1138,https://securityvulnerability.io/vulnerability/CVE-2024-1138,Privilege Escalation Vulnerability in TIBCO FTL Server Component,"The vulnerability affects the FTL Server component of TIBCO FTL - Enterprise Edition, enabling an attacker with low privileges and network access to execute a privilege escalation attack. This can potentially allow unauthorized access or control over the affected ftlserver instance. Users running versions 6.10.1 and below of TIBCO FTL - Enterprise Edition should take immediate action to mitigate any risks associated with this vulnerability.",Tibco,Tibco Ftl - Enterprise Edition,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-12T17:30:15.100Z,0
CVE-2023-26222,https://securityvulnerability.io/vulnerability/CVE-2023-26222,TIBCO EBX Cross-site Scripting (XXS) Vulnerability,"The Web Application component of TIBCO EBX and the TIBCO Product and Service Catalog is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows low-privileged attackers with network access to inject malicious scripts, which can be executed by users accessing the affected applications. This vulnerability impacts versions of TIBCO EBX up to 5.9.22 and 6.0.13, as well as the TIBCO Product and Service Catalog versions up to 5.0.0, creating potential risks for data integrity and user security.",Tibco,"Tibco Ebx,Tibco Product And Service Catalog Powered By Tibco Ebx",8.7,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-14T20:15:00.000Z,0
CVE-2023-26219,https://securityvulnerability.io/vulnerability/CVE-2023-26219,TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability,"The Hawk Console and Hawk Agent components from TIBCO Software Inc. contain a vulnerability that may allow an attacker to exploit accessed logs to uncover credentials. This security issue affects several TIBCO products, particularly versions prior to 6.2.2 for TIBCO Hawk and TIBCO Hawk Distribution for TIBCO Silver Fabric, versions below 7.2.1 for TIBCO Operational Intelligence Hawk RedTail, and below 5.12.2 for TIBCO Runtime Agent. Organizations utilizing these affected versions should take immediate action to mitigate risks associated with potential credential exposure.",Tibco,"Tibco Hawk,Tibco Hawk Distribution For Tibco Silver Fabric,Tibco Operational Intelligence Hawk Redtail,Tibco Runtime Agent",7.4,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-26218,https://securityvulnerability.io/vulnerability/CVE-2023-26218,TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities,"The Web Client component of TIBCO Nimbus developed by TIBCO Software Inc. is susceptible to reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities enable an attacker, with low privileges, to exploit social engineering tactics aimed at deceiving a legitimate user with network access into executing malicious scripts. The attack hinges on the user’s interaction, as they must unknowingly activate the exploit, which can target both the compromised system and the victim's local environment. Affected versions include TIBCO Nimbus 10.6.0 and below. For further information, users are encouraged to refer to TIBCO's official support resources.",Tibco,Tibco Nimbus,8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-09-29T18:15:00.000Z,0
CVE-2023-26217,https://securityvulnerability.io/vulnerability/CVE-2023-26217,TIBCO EBX Add-ons SQL Injection Vulnerability,"The Data Exchange Add-on component of TIBCO EBX Add-ons is vulnerable to SQL injection, allowing low privileged users with import permissions and network access to execute arbitrary SQL commands on the server. This poses a significant security risk, as unauthorized SQL execution can lead to data breaches, data manipulation, and potential system compromise for the affected versions.",Tibco,Tibco Ebx Add-ons,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-07-19T21:15:00.000Z,0
CVE-2023-26216,https://securityvulnerability.io/vulnerability/CVE-2023-26216,TIBCO EBX Add-ons Arbitrary File Write,"The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons is affected by a file upload vulnerability, permitting unauthorized attackers to upload files to a directory that is accessible by the web server. This flaw is present in TIBCO EBX Add-ons versions 4.5.16 and earlier, allowing for potential exploitation that can lead to more severe security incidents.",Tibco,Tibco Ebx Add-ons,9.1,CRITICAL,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-05-25T19:15:00.000Z,0
CVE-2023-29268,https://securityvulnerability.io/vulnerability/CVE-2023-29268,TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability,"The Splus Server component of TIBCO Spotfire Statistics Services is susceptible to a security flaw that permits unauthenticated remote attackers to upload or alter files within the web server directory. This vulnerability poses significant risks, as it may enable unauthorized changes to system files, potentially compromising the integrity and availability of the affected services. Organizations utilizing versions listed may be exposed to these risks and should implement appropriate security measures.",Tibco,Tibco Spotfire Statistics Services,9.8,CRITICAL,0.00215999991632998,false,,false,false,false,,,false,false,,2023-04-26T18:15:00.000Z,0
CVE-2022-41567,https://securityvulnerability.io/vulnerability/CVE-2022-41567,TIBCO BusinessConnect Stored XSS Vulnerability,"The TIBCO BusinessConnect UI component is susceptible to a cross-site scripting (XSS) vulnerability, which can be exploited by low privileged attackers with network access. This vulnerability allows unauthorized users to inject malicious scripts into the affected system, potentially compromising sensitive data and user interactions. Versions of TIBCO BusinessConnect including 7.3.0 and earlier are impacted, making it critical for users to evaluate and mitigate potential exploitation risks.",Tibco,Tibco Businessconnect,7.3,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-41565,https://securityvulnerability.io/vulnerability/CVE-2022-41565,TIBCO EBX Cross Site Scripting (XSS) Vulnerability,"A stored cross-site scripting (XSS) vulnerability exists in the Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog. This vulnerability can be exploited by an attacker with low privileges and network access, allowing unauthorized script execution within the affected environment. Immediate attention is required to mitigate the risk associated with versions 5.9.21 and below of TIBCO EBX, versions 6.0.11 and below of TIBCO EBX, and versions 1.2.0 and below of the TIBCO Product and Service Catalog.",Tibco,"Tibco Ebx,Tibco Product And Service Catalog Powered By Tibco Ebx",8.7,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-41566,https://securityvulnerability.io/vulnerability/CVE-2022-41566,TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability,"The server component of TIBCO EBX Add-ons has a vulnerability that enables low privileged attackers with network access to execute stored Cross-Site Scripting (XSS) attacks on the vulnerable system. This flaw is particularly concerning in versions 5.6.0 and earlier, as it allows for unauthorized script execution, potentially compromising user data and overall system integrity. Mitigation involves updating to patched versions and implementing stringent security measures to prevent exploitation.",Tibco,Tibco Ebx Add-ons,8.7,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-41562,https://securityvulnerability.io/vulnerability/CVE-2022-41562,TIBCO JasperReports Server XSS Issue on Roles,"The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",8.4,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-41561,https://securityvulnerability.io/vulnerability/CVE-2022-41561,TIBCO JasperReports Server RCE Vulnerability,"The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",9.1,CRITICAL,0.003640000009909272,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-41563,https://securityvulnerability.io/vulnerability/CVE-2022-41563,TIBCO JasperReports Server Stored XSS Vulnerability,"The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",9,CRITICAL,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-41559,https://securityvulnerability.io/vulnerability/CVE-2022-41559,TIBCO Nimbus Open Redirect Vulnerability,The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.,Tibco,Tibco Nimbus,9.3,CRITICAL,0.0015200000489130616,false,,false,false,false,,,false,false,,2022-12-06T00:00:00.000Z,0
CVE-2022-41558,https://securityvulnerability.io/vulnerability/CVE-2022-41558,TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability,"The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0.",Tibco,"Tibco Spotfire Analyst,Tibco Spotfire Analytics Platform For Aws Marketplace,Tibco Spotfire Desktop,Tibco Spotfire Server",9,CRITICAL,0.000539999979082495,false,,false,false,false,,,false,false,,2022-11-15T00:00:00.000Z,0
CVE-2022-30578,https://securityvulnerability.io/vulnerability/CVE-2022-30578,TIBCO EBX Add-ons Stored XSS vulnerability,The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.4.1 and below.,Tibco,Tibco Ebx Add-ons,8,HIGH,0.00203000009059906,false,,false,false,false,,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-30577,https://securityvulnerability.io/vulnerability/CVE-2022-30577,TIBCO EBX Stored XSS vulnerability,The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8.,Tibco,Tibco Ebx,8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-09-21T00:00:00.000Z,0
CVE-2022-30579,https://securityvulnerability.io/vulnerability/CVE-2022-30579,TIBCO Spotfire Server Blind SSRF vulnerability,The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.,Tibco,"Tibco Spotfire Analytics Platform For Aws Marketplace,Tibco Spotfire Server",7.1,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2022-09-20T00:00:00.000Z,0
CVE-2022-30576,https://securityvulnerability.io/vulnerability/CVE-2022-30576,TIBCO Statistica Stored Cross Site Scripting (XSS) Vulnerability,"The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.",Tibco,"Tibco Data Science - Workbench,Tibco Statistica,Tibco Statistica - Estore Edition,Tibco Statistica Trial",8.7,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-08-16T00:00:00.000Z,0
CVE-2022-30575,https://securityvulnerability.io/vulnerability/CVE-2022-30575,TIBCO Statistica Reflected Cross Site Scripting (XSS) Vulnerability,"The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.",Tibco,"Tibco Data Science - Workbench,Tibco Statistica,Tibco Statistica - Estore Edition,Tibco Statistica Trial",7.3,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-08-16T00:00:00.000Z,0
CVE-2022-30571,https://securityvulnerability.io/vulnerability/CVE-2022-30571,TIBCO iWay Service Manager Reflected Cross Site Scripting (XSS) Vulnerability,The iWay Service Manager Console component of TIBCO Software Inc.'s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO iWay Service Manager: versions 8.0.6 and below.,Tibco,Tibco Iway Service Manager,8.1,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-08-02T00:00:00.000Z,0
CVE-2022-22776,https://securityvulnerability.io/vulnerability/CVE-2022-22776,TIBCO BusinessConnect Trading Community Management Stored Cross Site Scripting Vulnerability,The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains easily exploitable vulnerabilities that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using these vulnerabilities requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.,Tibco,Tibco Businessconnect Trading Community Management,8,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-18T00:00:00.000Z,0
CVE-2022-22778,https://securityvulnerability.io/vulnerability/CVE-2022-22778,TIBCO BusinessConnect Trading Community Management Cross-Site Request Forgery Vulnerability,The Web Server component of TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute Cross-Site Request Forgery (CSRF) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect Trading Community Management: versions 6.1.0 and below.,Tibco,Tibco Businessconnect Trading Community Management,8.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2022-05-18T00:00:00.000Z,0
CVE-2022-22775,https://securityvulnerability.io/vulnerability/CVE-2022-22775,TIBCO ActiveMatrix BPM Reflected Cross Site Scripting (XSS) vulnerability,The Workspace client component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains difficult to exploit Reflected Cross Site Scripting (XSS) vulnerabilities that allow low privileged attackers with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.1 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.1 and below.,Tibco,"Tibco Bpm Enterprise,Tibco Bpm Enterprise Distribution For Tibco Silver Fabric",8.1,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2022-05-17T00:00:00.000Z,0