Vendor CVEs

TIBCO Software

All CVEs

243 total · sorted by risk
  • CVE-2018-5430 · High · KEV · Apr 17, 2018
    risk 0.76 · cvss 8.8 · epss 0.49

    The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contain a…

  • CVE-2026-3207 · Critical · Mar 17, 2026
    risk 0.64 · cvss 9.8 · epss 0.00

    Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access.

  • CVE-2024-3330 · Critical · Jun 27, 2024
    risk 0.64 · cvss 9.9 · epss 0.01

    Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code. This requires…

  • CVE-2017-3181 · Critical · Jul 24, 2018
    risk 0.64 · cvss 9.8 · epss 0.02

    Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because they fail to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify…

  • CVE-2018-5435 · Critical · Jun 27, 2018
    risk 0.63 · cvss 9.6 · epss 0.03

    The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs…

  • CVE-2025-11548 · Critical · Oct 14, 2025
    risk 0.61 · cvss n/a · epss 0.00

    A remote, unauthenticated privilege escalation in ibi WebFOCUS allows an attacker to gain administrative access to the application which may lead to unauthenticated Remote Code Execution

  • CVE-2017-5533 · Critical · Nov 15, 2017
    risk 0.61 · cvss 9.3 · epss 0.02

    A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a…

  • CVE-2024-10218 · Critical · Nov 12, 2024
    risk 0.60 · cvss n/a · epss 0.00

    XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

  • CVE-2024-10217 · Critical · Nov 12, 2024
    risk 0.60 · cvss n/a · epss 0.01

    XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

  • CVE-2026-6009 · High · May 19, 2026
    risk 0.57 · cvss n/a · epss 0.00

    Java Deserialisation Vulnerability in Jaspersoft Reports Library leads to Remote Code Execution (RCE), potentially allowing code execution on the affected system

  • CVE-2024-1138 · High · Mar 12, 2024
    risk 0.57 · cvss 8.8 · epss 0.00

    The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL…

  • CVE-2018-5428 · High · Jun 20, 2018
    risk 0.57 · cvss 8.8 · epss 0.03

    The version control adapters component of TIBCO Data Virtualization (formerly known as Cisco Information Server) contains vulnerabilities that may allow for arbitrary command execution. Affected releases are TIBCO Data Virtualization: 7.0.5; 7.0.6.

  • CVE-2018-5429 · High · Apr 17, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO…

  • CVE-2017-5534 · High · Dec 13, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below;…

  • CVE-2017-5528 · High · Jun 29, 2017
    risk 0.57 · cvss 8.8 · epss 0.01

    Multiple JasperReports Server components contain vulnerabilities which may allow authorized users to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. The impact of this vulnerability includes the theoretical disclosure of sensitive information. …

  • CVE-2016-3628 · High · Apr 20, 2016
    risk 0.57 · cvss 8.8 · epss 0.02

    Buffer overflow in tibemsd in the server in TIBCO Enterprise Message Service (EMS) before 8.3.0 and EMS Appliance before 2.4.0 allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via crafted inbound data.

  • CVE-2024-3323 · High · Apr 17, 2024
    risk 0.54 · cvss 8.3 · epss 0.00

    Cross Site Scripting in UI Request/Response Validation in TIBCO JasperReports Server 8.0.4 and 8.2.0 allows for the injection of malicious executable scripts into the code of a trusted application that may lead to stealing the user's active session cookie via sending…

  • CVE-2017-5530 · High · Dec 13, 2017
    risk 0.53 · cvss 8.1 · epss 0.01

    The tibbr web server components of tibbr Community, and tibbr Enterprise contain SAML protocol handling errors which may allow authorized users to impersonate other users, and therefore escalate their access privileges. Affected releases are tibbr Community 5.2.1 and below;…

  • CVE-2018-5432 · High · Jun 13, 2018
    risk 0.52 · cvss 8.0 · epss 0.01

    The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting…

  • CVE-2017-5531 · High · Oct 17, 2017
    risk 0.52 · cvss 8.0 · epss 0.01

    Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain…

  • CVE-2018-12408 · High · Aug 8, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    The BusinessWorks engine component of TIBCO Software Inc.'s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE)…

  • CVE-2025-2261 · High · May 21, 2025
    risk 0.46 · cvss n/a · epss 0.00

    Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user's browser under the privileges of the web application.

  • CVE-2024-3331 · Medium · Jun 27, 2024
    risk 0.44 · cvss 6.8 · epss 0.00

    Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user…

  • CVE-2018-5437 · Medium · Jun 27, 2018
    risk 0.44 · cvss 6.8 · epss 0.01

    The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs…

  • CVE-2017-5535 · Medium · May 1, 2018
    risk 0.44 · cvss 6.8 · epss 0.00

    The GridServer Broker, GridServer Driver, and GridServer Engine components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could…

  • CVE-2024-3182 · Medium · May 15, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config…

  • CVE-2018-5436 · Medium · Jun 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected…

  • CVE-2018-5433 · Medium · Jun 13, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to…

  • CVE-2017-5536 · Medium · May 1, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    The GridServer Broker, and GridServer Director components of TIBCO Software Inc. TIBCO DataSynapse GridServer Manager contain vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS). In addition, an authenticated user could be a victim of a…

  • CVE-2018-5431 · Medium · Apr 17, 2018
    risk 0.41 · cvss 6.3 · epss 0.01

    The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS…

  • CVE-2018-5434 · Medium · Jun 13, 2018
    risk 0.38 · cvss 5.8 · epss 0.01

    The TIBCO Designer component of TIBCO Software Inc.'s TIBCO Runtime Agent, and TIBCO Runtime Agent for z/Linux contains vulnerabilities wherein a malicious user could perform XML external entity expansion (XXE) attacks to disclose host machine information. Affected releases are…

  • CVE-2017-3180 · Medium · Jul 24, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context…

  • CVE-2017-5532 · Medium · Nov 15, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO Jaspersoft for AWS…

  • CVE-2017-16789 · Medium · Dec 11, 2017
    risk 0.31 · cvss 4.8 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 before 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor through 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via the users…

  • CVE-2024-1137 · Medium · Mar 12, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO…

  • CVE-2017-5527 · Medium · May 9, 2017
    risk 0.28 · cvss 4.3 · epss 0.01

    TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL…

  • CVE-2017-5529 · Medium · Jun 29, 2017
    risk 0.27 · cvss 4.1 · epss 0.01

    JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition (versions 6.4.0 and below),…

  • CVE-2018-18809 · KEV · Mar 7, 2019
    risk 0.20 · cvss n/a · epss 0.80

    The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports…

  • CVE-2006-4676 · Sep 11, 2006
    risk 0.03 · cvss n/a · epss 0.01

    TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.

  • CVE-2020-35458 · Jan 12, 2021
    risk 0.01 · cvss n/a · epss 0.05

    An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.

  • CVE-2009-1291 · Apr 30, 2009
    risk 0.01 · cvss n/a · epss 0.06

    Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and…

  • CVE-2007-5658 · Jan 16, 2008
    risk 0.01 · cvss n/a · epss 0.06

    Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger…

  • CVE-2026-3912 · Mar 24, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of…

  • CVE-2024-3325 · Jul 10, 2024
    risk 0.00 · cvss n/a · epss 0.01

    Vulnerability in Jaspersoft JasperReport Servers. This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.

  • CVE-2024-4576 · Jun 13, 2024
    risk 0.00 · cvss n/a · epss 0.00

    The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information.

  • CVE-2023-26222 · Nov 14, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system.…

  • CVE-2023-26221 · Nov 8, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful…

  • CVE-2023-26219 · Oct 24, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the…

  • CVE-2023-26220 · Oct 10, 2023
    risk 0.00 · cvss n/a · epss 0.00

    The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful…

  • CVE-2023-26218 · Sep 29, 2023
    risk 0.00 · cvss n/a · epss 0.01

    The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected…

Page 1 of 5