Filtered by vendor Tibco
Subscribe
Total
214 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-0687 | 1 Tibco | 7 Activematrix Bpm, Activematrix Businessworks, Activematrix Businessworks Service Engine and 4 more | 2012-03-13 | 5.0 MEDIUM | N/A |
TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus 2.x before 2.3.2 and BusinessWorks Service Engine before 5.8.2; TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0; TIBCO BusinessEvents Runtime in Enterprise and Inference Editions 3.x before 3.0.3, Standard Edition 4.x before 4.0.2, and Standard Edition and Express 5.0.0; and TIBCO BusinessWorks Engine in TIBCO Silver Fabric ActiveMatrix BusinessWorks Distribution 5.9.2 and ActiveMatrix BusinessWorks before 5.9.3 allow remote attackers to obtain sensitive information via a crafted URL. | |||||
CVE-2012-0689 | 1 Tibco | 5 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 2 more | 2012-03-13 | 5.0 MEDIUM | N/A |
The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to discover credentials via unspecified vectors. | |||||
CVE-2012-0690 | 1 Tibco | 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more | 2012-03-13 | 5.0 MEDIUM | N/A |
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL. | |||||
CVE-2011-3132 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-22 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-3134 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-22 | 7.5 HIGH | N/A |
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. | |||||
CVE-2011-3133 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2011-09-22 | 4.3 MEDIUM | N/A |
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. | |||||
CVE-2010-0184 | 1 Tibco | 1 Runtime Agent | 2011-08-07 | 7.2 HIGH | N/A |
The (1) domainutility and (2) domainutilitycmd components in TIBCO Domain Utility in TIBCO Runtime Agent (TRA) before 5.6.2, as used in TIBCO ActiveMatrix BusinessWorks and other products, set weak permissions on domain properties files, which allows local users to obtain domain administrator credentials, and gain privileges on all domain systems, via unspecified vectors. | |||||
CVE-2007-4158 | 1 Tibco | 1 Rendezvous | 2011-04-06 | 7.8 HIGH | N/A |
Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830. | |||||
CVE-2007-4161 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 4.3 MEDIUM | N/A |
rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character. | |||||
CVE-2007-4160 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 5.0 MEDIUM | N/A |
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network. | |||||
CVE-2007-4162 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 7.8 HIGH | N/A |
TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or integrity of inter-daemon communication, which allows remote attackers to capture and spoof traffic. | |||||
CVE-2007-4159 | 1 Tibco | 1 Rendezvous | 2011-03-07 | 5.0 MEDIUM | N/A |
index.html in the HTTP administration interface in certain daemons in TIBCO Rendezvous (RV) 7.5.2 allows remote attackers to obtain sensitive information, such as a user name and IP addresses, via a direct request. | |||||
CVE-2010-4495 | 1 Tibco | 6 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 3 more | 2010-12-19 | 9.0 HIGH | N/A |
Unspecified vulnerability in the ActiveMatrix Runtime component in TIBCO ActiveMatrix Service Grid 3.0.0, 3.0.1, and 3.1.0; ActiveMatrix Service Bus 3.0.0 and 3.0.1; ActiveMatrix BusinessWorks Service Engine 5.9.0; ActiveMatrix BPM 1.0.1 and 1.0.2; Silver BPM Service 1.0.1; and Silver CAP Service 1.0.0 allows remote authenticated users to execute arbitrary code via vectors related to JMX connections. | |||||
CVE-2010-0683 | 1 Tibco | 1 Administrator | 2010-02-25 | 6.0 MEDIUM | N/A |
Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator 5.4.0 through 5.6.0, when JMS transport is used, allows remote authenticated users to execute arbitrary code on all domain nodes via vectors related to leveraging administrative credentials. |