
TIBCO Software

TIBCO Software Inc. is a business unit of Cloud Software Group that provides enterprise software. It has headquarters in Palo Alto and offices in North America, Europe, Asia, the Middle East, Africa and South America.

Founded: 1997
Products: 156
CVEs: 243
Across products: 337
Status: Private

Recent CVEs

  • CVE-2018-5430 | High | KEV | Apr 17, 2018
    risk 0.76 | cvss 8.8 | epss 0.49

    The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a…

  • CVE-2026-3207 | Critical | Mar 17, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.

  • CVE-2024-3330 | Critical | Jun 27, 2024
    risk 0.64 | cvss 9.9 | epss 0.01

    Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires…

  • CVE-2017-3181 | Critical | Jul 24, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify…

  • CVE-2018-5435 | Critical | Jun 27, 2018
    risk 0.63 | cvss 9.6 | epss 0.03

    The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs…

  • CVE-2025-11548 | Critical | Oct 14, 2025
    risk 0.61 | cvss n/a | epss 0.00

    A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution

  • CVE-2017-5533 | Critical | Nov 15, 2017
    risk 0.61 | cvss 9.3 | epss 0.02

    A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a…

  • CVE-2024-10218 | Critical | Nov 12, 2024
    risk 0.60 | cvss n/a | epss 0.00

    XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

  • CVE-2024-10217 | Critical | Nov 12, 2024
    risk 0.60 | cvss n/a | epss 0.01

    XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

  • CVE-2026-6009 | High | May 19, 2026
    risk 0.57 | cvss n/a | epss 0.00

    Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

  • CVE-2024-1138 | High | Mar 12, 2024
    risk 0.57 | cvss 8.8 | epss 0.00

    The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL…

  • CVE-2018-5428 | High | Jun 20, 2018
    risk 0.57 | cvss 8.8 | epss 0.03

    The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.

  • CVE-2018-5429 | High | Apr 17, 2018
    risk 0.57 | cvss 8.8 | epss 0.02

    A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO…

  • CVE-2017-5534 | High | Dec 13, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below;…

  • CVE-2017-5528 | High | Jun 29, 2017
    risk 0.57 | cvss 8.8 | epss 0.01

    Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. …

  • CVE-2016-3628 | High | Apr 20, 2016
    risk 0.57 | cvss 8.8 | epss 0.02

    Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

  • CVE-2024-3323 | High | Apr 17, 2024
    risk 0.54 | cvss 8.3 | epss 0.00

    Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending…

  • CVE-2017-5530 | High | Dec 13, 2017
    risk 0.53 | cvss 8.1 | epss 0.01

    The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below;…

  • CVE-2018-5432 | High | Jun 13, 2018
    risk 0.52 | cvss 8.0 | epss 0.01

    The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting…

  • CVE-2017-5531 | High | Oct 17, 2017
    risk 0.52 | cvss 8.0 | epss 0.01

    Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain…