TIBCO 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk csrf、バッファオーバーフロー、vendor risk sql injection, and vendor risk xxe があり、vendor surface software deployment and vendor surface production workloads の利用場面で アプリケーションクラッシュ、vendor impact memory corruption, and vendor impact data exposure などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-3207 | Configuration issue in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. | [email protected] | 8.7 | 0.28% | 2026-03-17 | 2026-04-02 |
| CVE-2025-3115 | Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | [email protected] | 9.4 | 0.55% | 2025-04-09 | 2025-11-11 |
| CVE-2024-4576 | The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information. | [email protected] | 5.3 | 0.47% | 2024-06-13 | 2024-11-21 |
| CVE-2023-26222 | The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below. | [email protected] | 8.7 | 0.47% | 2023-11-14 | 2024-11-21 |
| CVE-2023-26221 | The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versio | [email protected] | 5.0 | 0.19% | 2023-11-08 | 2024-11-21 |
| CVE-2023-26219 | The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric | [email protected] | 7.4 | 0.43% | 2023-10-25 | 2024-11-21 |
| CVE-2023-26220 | The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, | [email protected] | 5.4 | 0.30% | 2023-10-10 | 2024-11-21 |
| CVE-2023-26218 | The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6. | [email protected] | 8.0 | 0.52% | 2023-09-29 | 2024-11-21 |
| CVE-2023-26217 | The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0. | [email protected] | 8.8 | 0.61% | 2023-07-19 | 2024-11-21 |
| CVE-2023-26216 | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | [email protected] | 9.1 | 0.76% | 2023-05-25 | 2024-11-21 |
| CVE-2023-26215 | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | [email protected] | 7.7 | 0.66% | 2023-05-25 | 2025-01-16 |
| CVE-2023-29268 | The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0. | [email protected] | 9.8 | 1.03% | 2023-04-26 | 2025-01-30 |
| CVE-2023-26214 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | [email protected] | 7.3 | 0.39% | 2023-02-22 | 2025-03-12 |
| CVE-2022-41567 | The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a cross-site scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BusinessConnect: versions 7.3.0 and below. | [email protected] | 7.3 | 0.39% | 2023-02-22 | 2024-11-21 |
| CVE-2022-41566 | The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 5.6.0 and below. | [email protected] | 8.7 | 0.39% | 2023-02-22 | 2024-11-21 |
| CVE-2022-41565 | The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.21 and below, versions 6.0.11 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 1.2.0 and below. | [email protected] | 8.7 | 0.39% | 2023-02-22 | 2024-11-21 |
| CVE-2022-41564 | The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0. | [email protected] | 6.8 | 0.47% | 2023-02-14 | 2025-03-20 |
| CVE-2022-41563 | The Dashboard component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on t | [email protected] | 9.0 | 0.87% | 2022-12-13 | 2024-11-21 |
| CVE-2022-41562 | The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker with n | [email protected] | 8.4 | 0.72% | 2022-12-13 | 2024-11-21 |
| CVE-2022-41561 | The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker wi | [email protected] | 9.1 | 1.44% | 2022-12-13 | 2024-11-21 |