
4 vulnerabilities by TIBCO Software Inc

CVE-2025-2261 (GCVE-0-2025-2261)

Vulnerability from cvelistv5 – Published: 2025-05-21 18:29 – Updated: 2025-05-21 19:47
Summary
Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within the user's browser under the privileges of the web application.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
Impacted products
Vendor Product Version
TIBCO Software Inc TIBCO BPM Enterprise Affected: 4.3 , < 4 (Patch)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2261",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T19:46:54.302333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-21T19:47:10.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "TIBCO ActiveMatrix Administrator"
          ],
          "product": "TIBCO BPM Enterprise",
          "vendor": "TIBCO Software Inc",
          "versions": [
            {
              "lessThan": "4",
              "status": "affected",
              "version": "4.3",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user\u0027s browser under the privileges of the web application.\u0026nbsp;"
            }
          ],
          "value": "Stored XSS in TIBCO ActiveMatrix Administrator allows malicious data to appear to be part of the website and run within user\u0027s browser under the privileges of the web application."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T18:29:53.820Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-bpm-enterprise-cve-2025-2261-r220/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TIBCO BPM Enterprise XSS Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2025-2261",
    "datePublished": "2025-05-21T18:29:53.820Z",
    "dateReserved": "2025-03-12T17:33:24.449Z",
    "dateUpdated": "2025-05-21T19:47:10.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-3751 (GCVE-0-2025-3751)

Vulnerability from cvelistv5 – Published: 2025-05-21 18:12 – Updated: 2025-05-21 19:47
Summary
The component listed above (TIBCO Administrator in TIBCO ActiveMatrix BusinessWorks, per the record below) contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3751",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-21T19:47:30.311785Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-21T19:47:52.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "TIBCO Administrator"
          ],
          "product": "TIBCO ActiveMatrix BusinessWorks",
          "vendor": "TIBCO Software Inc",
          "versions": [
            {
              "lessThan": "HF-01",
              "status": "affected",
              "version": "5.16.1",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2025-05-13T16:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information"
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T18:12:59.133Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "url": "https://community.tibco.com/advisories/tibco-security-advisory-may-13-2025-tibco-activematrix-businessworks-cve-2025-3751-r221/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TIBCO ActiveMatrix BusinessWorks SQL Injection Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2025-3751",
    "datePublished": "2025-05-21T18:12:59.133Z",
    "dateReserved": "2025-04-16T21:17:10.801Z",
    "dateUpdated": "2025-05-21T19:47:52.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10218 (GCVE-0-2024-10218)

Vulnerability from cvelistv5 – Published: 2024-11-12 19:14 – Updated: 2024-11-22 20:41
Summary
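XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence. Note: this summary text is identical to the one on CVE-2024-10217, while this record's title ("Stored-XEE"), its problem-type description and the CISA ADP classification (CWE-611) all describe an XML External Entity issue, so the "XSS" wording here appears to have been carried over from the sibling record; the CWE-611 classification is the more specific description to triage against.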
CWE
  • The components listed above contain a vulnerability that allows the author of a malicious .mar file to perform an XEE (XML External Entity, more commonly abbreviated XXE) attack
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10218",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:34:41.505582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-611",
                "description": "CWE-611 Improper Restriction of XML External Entity Reference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-22T20:41:19.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Monitoring Archive Utility (MAR Utility)",
            "monitoringconsolecommon.jar"
          ],
          "product": "TIBCO Hawk",
          "vendor": "TIBCO Software Inc",
          "versions": [
            {
              "lessThan": "5",
              "status": "affected",
              "version": "6.2",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Monitoring Archive Utility (MAR Utility)",
            "monitoringconsolecommon.jar"
          ],
          "product": "TIBCO Operational Intelligence",
          "vendor": "TIBCO Software Inc",
          "versions": [
            {
              "lessThan": "0",
              "status": "affected",
              "version": "7.3",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "XSS Attack in \u003cspan style=\"background-color: transparent;\"\u003emar.jar, Monitoring Archive Utility (MAR Utility),\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emonitoringconsolecommon.jar\u003c/span\u003e\u0026nbsp;in \u003cspan style=\"background-color: transparent;\"\u003eTIBCO Software Inc\u003c/span\u003e\u0026nbsp;TIBCO Hawk and\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eTIBCO Operational Intelligence\u003c/span\u003e\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),\u00a0monitoringconsolecommon.jar\u00a0in TIBCO Software Inc\u00a0TIBCO Hawk and\u00a0TIBCO Operational Intelligence"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could manipulate the system with the same privileges as the logged in user"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:L/SI:N/SA:H/AU:N/R:U/V:C/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The components listed above contain a vulnerability that allows the author of a malicious .mar file to perform an XEE attack",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T19:14:00.748Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "url": "https://community.tibco.com/advisories"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TIBCO Hawk Stored-XEE Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2024-10218",
    "datePublished": "2024-11-12T19:14:00.748Z",
    "dateReserved": "2024-10-21T18:00:07.536Z",
    "dateUpdated": "2024-11-22T20:41:19.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-10217 (GCVE-0-2024-10217)

Vulnerability from cvelistv5 – Published: 2024-11-12 19:12 – Updated: 2024-11-21 16:15
Summary
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence
CWE
  • The components listed above contain a vulnerability that allows the author of a malicious .mar file to perform an XSS attack
Assigner
Impacted products

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-12T20:38:33.171368Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-79",
                "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T16:15:44.718Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Monitoring Archive Utility (MAR Utility)",
            "monitoringconsolecommon.jar"
          ],
          "product": "TIBCO Hawk",
          "vendor": "TIBCO Software Inc",
          "versions": [
            {
              "lessThan": "5",
              "status": "affected",
              "version": "6.2",
              "versionType": "Patch"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "modules": [
            "Monitoring Archive Utility (MAR Utility)",
            "monitoringconsolecommon.jar"
          ],
          "product": "TIBCO Operational Intelligence",
          "vendor": "TIBCO Software Inc",
          "versions": [
            {
              "lessThan": "0",
              "status": "affected",
              "version": "7.3",
              "versionType": "Patch"
            }
          ]
        }
      ],
      "datePublic": "2024-11-12T18:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "XSS Attack in \u003cspan style=\"background-color: transparent;\"\u003emar.jar, Monitoring Archive Utility (MAR Utility),\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: transparent;\"\u003emonitoringconsolecommon.jar\u003c/span\u003e\u0026nbsp;in \u003cspan style=\"background-color: transparent;\"\u003eTIBCO Software Inc\u003c/span\u003e\u0026nbsp;TIBCO Hawk and\u0026nbsp;\u003cspan style=\"background-color: transparent;\"\u003eTIBCO Operational Intelligence\u003c/span\u003e\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),\u00a0monitoringconsolecommon.jar\u00a0in TIBCO Software Inc\u00a0TIBCO Hawk and\u00a0TIBCO Operational Intelligence"
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "The impact of this vulnerability includes the theoretical possibility that an attacker could manipulate the system with the same privileges as the logged in user"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NO",
            "Recovery": "USER",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "HIGH",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:L/SI:N/SA:H/AU:N/R:U/V:C/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "The components listed above contain a vulnerability that allows the author of a malicious .mar file to perform an XSS attack",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-12T19:12:54.360Z",
        "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
        "shortName": "tibco"
      },
      "references": [
        {
          "url": "https://community.tibco.com/advisories"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "TIBCO Hawk Stored-XSS Vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
    "assignerShortName": "tibco",
    "cveId": "CVE-2024-10217",
    "datePublished": "2024-11-12T19:12:54.360Z",
    "dateReserved": "2024-10-21T18:00:05.765Z",
    "dateUpdated": "2024-11-21T16:15:44.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}