cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-10218,https://securityvulnerability.io/vulnerability/CVE-2024-10218,TIBCO Hawk Stored-XEE Vulnerability,"XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence",Tibco,"Tibco Hawk,Tibco Operational Intelligence",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T20:15:00.000Z,0
CVE-2024-10217,https://securityvulnerability.io/vulnerability/CVE-2024-10217,TIBCO Hawk Stored-XSS Vulnerability,"XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence",Tibco,"Tibco Hawk,Tibco Operational Intelligence",,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T20:15:00.000Z,0
CVE-2024-3331,https://securityvulnerability.io/vulnerability/CVE-2024-3331,Privilege Escalation Vulnerability in Spotfire Products by TIBCO Software Inc.,"A vulnerability exists in multiple Spotfire products that could allow users to gain higher privileges depending on the user's access level. This issue affects several versions of Spotfire’s runtime, statistics services, analyst tools, desktop applications, and servers. The specific impact hinges on the privileges of the user operating the affected software, making it crucial for organizations using Spotfire solutions to assess their exposure and apply necessary updates.",TIBCO Software Inc.,Spotfire,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-27T19:15:00.000Z,0
CVE-2024-4576,https://securityvulnerability.io/vulnerability/CVE-2024-4576,Unauthorized Access to Sensitive Files via Component Vulnerability,"The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.",Tibco,Ebx,5.3,MEDIUM,0.00046999999904073775,false,,false,false,false,,,false,false,,2024-06-13T06:31:41.034Z,0
CVE-2024-3182,https://securityvulnerability.io/vulnerability/CVE-2024-3182,Universal Installer Password Disclosure Vulnerability Affects TIBCO Hawk Versions 6.2.0-6.2.3,"Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files. ",Tibco,Hawk,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-15T18:04:49.997Z,0
CVE-2024-3323,https://securityvulnerability.io/vulnerability/CVE-2024-3323,TIBCO JasperReports Server vulnerable to Cross-Site Scripting Attacks,"A Cross Site Scripting (XSS) vulnerability has been identified in the user interface request and response validation mechanisms of TIBCO JasperReports Server versions 8.0.4 and 8.2.0. This flaw permits an attacker to inject malicious executable scripts into the trusted application’s environment. Such exploitation can result in unauthorized access to the user's session by stealing their active session cookie. Users may be enticed to interact with a fraudulent link, which triggers the execution of malicious scripts within the context of the application, compromising their session security and potentially leading to further attacks or unauthorized data exposure.",Tibco,Jasperreports Server,8.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-17T18:53:21.348Z,0
CVE-2024-1137,https://securityvulnerability.io/vulnerability/CVE-2024-1137,Vulnerability in TIBCO ActiveSpaces - Enterprise Edition Could Allow Passive Data Observation,"The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0. ",Tibco,Tibco Activespaces - Enterprise Edition,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-12T17:31:19.481Z,0
CVE-2024-1138,https://securityvulnerability.io/vulnerability/CVE-2024-1138,Privilege Escalation Vulnerability in TIBCO FTL Server Component,"The vulnerability affects the FTL Server component of TIBCO FTL - Enterprise Edition, enabling an attacker with low privileges and network access to execute a privilege escalation attack. This can potentially allow unauthorized access or control over the affected ftlserver instance. Users running versions 6.10.1 and below of TIBCO FTL - Enterprise Edition should take immediate action to mitigate any risks associated with this vulnerability.",Tibco,Tibco Ftl - Enterprise Edition,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-03-12T17:30:15.100Z,0
CVE-2023-26222,https://securityvulnerability.io/vulnerability/CVE-2023-26222,TIBCO EBX Cross-site Scripting (XSS) Vulnerability,"The Web Application component of TIBCO EBX and the TIBCO Product and Service Catalog is susceptible to a stored Cross-Site Scripting (XSS) vulnerability. This issue allows low-privileged attackers with network access to inject malicious scripts, which can be executed by users accessing the affected applications. This vulnerability impacts versions of TIBCO EBX up to 5.9.22 and 6.0.13, as well as the TIBCO Product and Service Catalog versions up to 5.0.0, creating potential risks for data integrity and user security.",Tibco,"Tibco Ebx,Tibco Product And Service Catalog Powered By Tibco Ebx",8.7,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-11-14T20:15:00.000Z,0
CVE-2023-26221,https://securityvulnerability.io/vulnerability/CVE-2023-26221,TIBCO Spotfire Insufficiently Protected Credential vulnerability,"The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0. ",Tibco,"Spotfire Analyst,Spotfire Server,Spotfire For Aws Marketplace",5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-08T20:15:00.000Z,0
CVE-2023-26219,https://securityvulnerability.io/vulnerability/CVE-2023-26219,TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability,"The Hawk Console and Hawk Agent components from TIBCO Software Inc. contain a vulnerability that may allow an attacker to exploit accessed logs to uncover credentials. This security issue affects several TIBCO products, particularly versions prior to 6.2.2 for TIBCO Hawk and TIBCO Hawk Distribution for TIBCO Silver Fabric, versions below 7.2.1 for TIBCO Operational Intelligence Hawk RedTail, and below 5.12.2 for TIBCO Runtime Agent. Organizations utilizing these affected versions should take immediate action to mitigate risks associated with potential credential exposure.",Tibco,"Tibco Hawk,Tibco Hawk Distribution For Tibco Silver Fabric,Tibco Operational Intelligence Hawk Redtail,Tibco Runtime Agent",7.4,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-10-25T18:17:00.000Z,0
CVE-2023-26220,https://securityvulnerability.io/vulnerability/CVE-2023-26220,TIBCO Spotfire Stored Cross-site Scripting (XSS) vulnerability,"The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1. ",Tibco,"Spotfire Analyst,Spotfire Server",5.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2023-10-10T23:15:00.000Z,0
CVE-2023-26218,https://securityvulnerability.io/vulnerability/CVE-2023-26218,TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities,"The Web Client component of TIBCO Nimbus developed by TIBCO Software Inc. is susceptible to reflected cross-site scripting (XSS) vulnerabilities. These vulnerabilities enable an attacker, with low privileges, to exploit social engineering tactics aimed at deceiving a legitimate user with network access into executing malicious scripts. The attack hinges on the user’s interaction, as they must unknowingly activate the exploit, which can target both the compromised system and the victim's local environment. Affected versions include TIBCO Nimbus 10.6.0 and below. For further information, users are encouraged to refer to TIBCO's official support resources.",Tibco,Tibco Nimbus,8,HIGH,0.0008900000248104334,false,,false,false,false,,,false,false,,2023-09-29T18:15:00.000Z,0
CVE-2023-26217,https://securityvulnerability.io/vulnerability/CVE-2023-26217,TIBCO EBX Add-ons SQL Injection Vulnerability,"The Data Exchange Add-on component of TIBCO EBX Add-ons is vulnerable to SQL injection, allowing low privileged users with import permissions and network access to execute arbitrary SQL commands on the server. This poses a significant security risk, as unauthorized SQL execution can lead to data breaches, data manipulation, and potential system compromise for the affected versions.",Tibco,Tibco Ebx Add-ons,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2023-07-19T21:15:00.000Z,0
CVE-2023-26215,https://securityvulnerability.io/vulnerability/CVE-2023-26215,TIBCO EBX® Add-ons Path Traversal,"The server component of TIBCO EBX Add-ons by TIBCO Software Inc. contains a weakness that enables attackers with minimal application privileges to access and read sensitive system files that are within the reach of the web server. This vulnerability affects versions 4.5.16 and earlier, posing a risk of unauthorized information disclosure, which could lead to further exploitation if sensitive data is disclosed.",Tibco,Tibco Ebx Add-ons,6.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-05-25T19:15:00.000Z,0
CVE-2023-26216,https://securityvulnerability.io/vulnerability/CVE-2023-26216,TIBCO EBX Add-ons Arbitrary File Write,"The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons is affected by a file upload vulnerability, permitting unauthorized attackers to upload files to a directory that is accessible by the web server. This flaw is present in TIBCO EBX Add-ons versions 4.5.16 and earlier, allowing for potential exploitation that can lead to more severe security incidents.",Tibco,Tibco Ebx Add-ons,9.1,CRITICAL,0.0009399999980814755,false,,false,false,false,,,false,false,,2023-05-25T19:15:00.000Z,0
CVE-2023-29268,https://securityvulnerability.io/vulnerability/CVE-2023-29268,TIBCO Spotfire Statistics Services Unrestricted File Upload Vulnerability,"The Splus Server component of TIBCO Spotfire Statistics Services is susceptible to a security flaw that permits unauthenticated remote attackers to upload or alter files within the web server directory. This vulnerability poses significant risks, as it may enable unauthorized changes to system files, potentially compromising the integrity and availability of the affected services. Organizations utilizing versions listed may be exposed to these risks and should implement appropriate security measures.",Tibco,Tibco Spotfire Statistics Services,9.8,CRITICAL,0.00215999991632998,false,,false,false,false,,,false,false,,2023-04-26T18:15:00.000Z,0
CVE-2022-41566,https://securityvulnerability.io/vulnerability/CVE-2022-41566,TIBCO EBX Add-ons Cross Site Scripting (XSS) Vulnerability,"The server component of TIBCO EBX Add-ons has a vulnerability that enables low privileged attackers with network access to execute stored Cross-Site Scripting (XSS) attacks on the vulnerable system. This flaw is particularly concerning in versions 5.6.0 and earlier, as it allows for unauthorized script execution, potentially compromising user data and overall system integrity. Mitigation involves updating to patched versions and implementing stringent security measures to prevent exploitation.",Tibco,Tibco Ebx Add-ons,8.7,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-41565,https://securityvulnerability.io/vulnerability/CVE-2022-41565,TIBCO EBX Cross Site Scripting (XSS) Vulnerability,"A stored cross-site scripting (XSS) vulnerability exists in the Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog. This vulnerability can be exploited by an attacker with low privileges and network access, allowing unauthorized script execution within the affected environment. Immediate attention is required to mitigate the risk associated with versions 5.9.21 and below of TIBCO EBX, versions 6.0.11 and below of TIBCO EBX, and versions 1.2.0 and below of the TIBCO Product and Service Catalog.",Tibco,"Tibco Ebx,Tibco Product And Service Catalog Powered By Tibco Ebx",8.7,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2023-26214,https://securityvulnerability.io/vulnerability/CVE-2023-26214,TIBCO BusinessConnect Reflected XSS Vulnerability,The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.,Tibco,TIBCO BusinessConnect,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-41567,https://securityvulnerability.io/vulnerability/CVE-2022-41567,TIBCO BusinessConnect Stored XSS Vulnerability,"The TIBCO BusinessConnect UI component is susceptible to a cross-site scripting (XSS) vulnerability, which can be exploited by low privileged attackers with network access. This vulnerability allows unauthorized users to inject malicious scripts into the affected system, potentially compromising sensitive data and user interactions. Versions of TIBCO BusinessConnect including 7.3.0 and earlier are impacted, making it critical for users to evaluate and mitigate potential exploitation risks.",Tibco,Tibco Businessconnect,7.3,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-22T00:00:00.000Z,0
CVE-2022-41564,https://securityvulnerability.io/vulnerability/CVE-2022-41564,TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability,The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.,Tibco,"Tibco Hawk,Tibco Operational Intelligence Hawk Redtail",6.8,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2023-02-14T00:00:00.000Z,0
CVE-2022-41561,https://securityvulnerability.io/vulnerability/CVE-2022-41561,TIBCO JasperReports Server RCE Vulnerability,"The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute Remote Code Execution to obtain a reverse shell on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",9.1,CRITICAL,0.003640000009909272,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-41563,https://securityvulnerability.io/vulnerability/CVE-2022-41563,TIBCO JasperReports Server Stored XSS Vulnerability,"The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",9,CRITICAL,0.000539999979082495,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-41562,https://securityvulnerability.io/vulnerability/CVE-2022-41562,TIBCO JasperReports Server XSS Issue on Roles,"The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with network access to execute an XSS attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 8.0.2 and below, TIBCO JasperReports Server: version 8.1.0, TIBCO JasperReports Server - Community Edition: versions 8.1.0 and below, TIBCO JasperReports Server - Developer Edition: versions 8.1.0 and below, TIBCO JasperReports Server for AWS Marketplace: versions 8.0.2 and below, TIBCO JasperReports Server for AWS Marketplace: version 8.1.0, TIBCO JasperReports Server for Microsoft Azure: versions 8.0.2 and below, and TIBCO JasperReports Server for Microsoft Azure: version 8.1.0.",Tibco,"Tibco Jasperreports Server,Tibco Jasperreports Server - Community Edition,Tibco Jasperreports Server - Developer Edition,Tibco Jasperreports Server For Aws Marketplace,Tibco Jasperreports Server For Microsoft Azure",8.4,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0