Filtered by vendor Tibco
Subscribe
Total
225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-3132 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-4495 | 1 Tibco | 6 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 3 more | 2025-04-11 | 9.0 HIGH | N/A |
|
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections.
|
|||||
| CVE-2011-0649 | 1 Tibco | 6 Enterprise Message Service, Rendezvous, Runtime Agent and 3 more | 2025-04-11 | 7.2 HIGH | N/A |
|
Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service vebefore 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Da ...
Show More |
|||||
| CVE-2013-2372 | 1 Tibco | 1 Spotfire Web Player | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-3134 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.
|
|||||
| CVE-2012-0690 | 1 Tibco | 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
|
|||||
| CVE-2013-2373 | 1 Tibco | 1 Spotfire Web Player | 2025-04-11 | 6.4 MEDIUM | N/A |
|
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
|
|||||
| CVE-2012-0688 | 1 Tibco | 5 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 2 more | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-0683 | 1 Tibco | 1 Administrator | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials.
|
|||||
| CVE-2010-4496 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-3133 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2010-4497 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2010-3491 | 1 Tibco | 4 Activematrix Businessworks Service Engine, Activematrix Service Bus, Activematrix Service Grid and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
|
The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator components in TIBCO ActiveMatrix Service Grid before 2.3.1, ActiveMatrix Service Bus before 2.3.1, ActiveMatrix BusinessWorks Service Engine before 5.8.1, and ActiveMatrix Service Performance Manager before 1.3.2 do not properly handle JMX connections, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service via unspecified vectors.
|
|||||
| CVE-2012-0689 | 1 Tibco | 5 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 2 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors.
|
|||||
| CVE-2011-3424 | 1 Tibco | 3 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2011-2021 | 1 Tibco | 2 Iprocess Engine, Iprocess Workspace | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2011-3423 | 1 Tibco | 3 Managed File Transfer Command Center, Managed File Transfer Internet Server, Slingshot | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in the Managed File Transfer server in TIBCO Managed File Transfer Internet Server before 7.1.1 and Managed File Transfer Command Center before 7.1.1, and the server in TIBCO Slingshot before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2013-2371 | 1 Tibco | 1 Spotfire Statistics Services | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.
|
|||||
| CVE-2013-3315 | 1 Tibco | 1 Silver Mobile | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vectors.
|
|||||
| CVE-2007-4158 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 7.8 HIGH | N/A |
|
Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.
|
|||||
| CVE-2008-3338 | 1 Tibco | 4 Hawk, Iprocess Engine, Mainframe Service Tracker and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
|
|||||
| CVE-2007-5656 | 1 Tibco | 3 Enterprise Message Service, Rtworks, Smartsockets Rtserver | 2025-04-09 | 10.0 HIGH | N/A |
|
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
|
|||||
| CVE-2009-1291 | 1 Tibco | 4 Enterprise Message Service, Rtworks, Smartsockets and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound d ...
Show More |
|||||
| CVE-2007-4162 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 7.8 HIGH | N/A |
|
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic.
|
|||||
| CVE-2007-5546 | 1 Tibco | 1 Smart Pgm Fx | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2008-1703 | 1 Tibco | 8 Adapter Files Z Os, Hawk, Iprocess Engine and 5 more | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.
|
|||||
| CVE-2007-5545 | 1 Tibco | 1 Smart Pgm Fx | 2025-04-09 | 7.5 HIGH | N/A |
|
Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
|
|||||
| CVE-2007-5655 | 1 Tibco | 4 Ems Server, Enterprise Message Service, Rtworks and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
|
|||||
| CVE-2007-4161 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 4.3 MEDIUM | N/A |
|
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.
|
|||||
| CVE-2007-5657 | 1 Tibco | 4 Ems Server, Enterprise Message Service, Rtworks and 1 more | 2025-04-09 | 10.0 HIGH | N/A |
|
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
|
|||||
| CVE-2007-4159 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 5.0 MEDIUM | N/A |
|
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request.
|
|||||
| CVE-2007-4160 | 1 Tibco | 1 Rendezvous | 2025-04-09 | 5.0 MEDIUM | N/A |
|
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network.
|
|||||
| CVE-2010-0184 | 1 Tibco | 1 Runtime Agent | 2025-04-09 | 7.2 HIGH | N/A |
|
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors.
|
|||||
| CVE-2008-1704 | 1 Tibco | 2 Enterprise Message Service, Iprocess Engine | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.
|
|||||
| CVE-2007-5658 | 1 Tibco | 3 Enterprise Message Service, Rtworks, Smartsockets Rtserver | 2025-04-09 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
|
|||||
| CVE-2006-2829 | 1 Tibco | 3 Hawk, Hawk Monitoring Agent, Runtime Agent | 2025-04-03 | 6.8 MEDIUM | N/A |
|
Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma.
|
|||||
| CVE-2006-2830 | 1 Tibco | 3 Hawk, Rendezvous, Runtime Agent | 2025-04-03 | 7.5 HIGH | N/A |
|
Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent (TRA) before 5.4, and Hawk before 4.6.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the HTTP administrative interface.
|
|||||
| CVE-2006-4676 | 1 Tibco | 1 Rendezvous | 2025-04-03 | 1.2 LOW | N/A |
|
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
|
|||||
| CVE-2022-41564 | 1 Tibco | 2 Hawk, Operational Intelligence Hawk Redtail | 2025-03-20 | N/A | 6.8 MEDIUM |
|
The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.
|
|||||
| CVE-2023-26214 | 1 Tibco | 1 Businessconnect | 2025-03-12 | N/A | 7.3 HIGH |
|
The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below.
|
|||||