Search criteria
12 vulnerabilities found for TIBCO Spotfire Desktop by TIBCO Software Inc.
CVE-2022-41558 (GCVE-0-2022-41558)
Vulnerability from cvelistv5 – Published: 2022-11-15 18:15 – Updated: 2025-04-29 20:08
VLAI?
Title
TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0.
Severity ?
9 (Critical)
CWE
- Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 11.4.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:46.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T20:08:19.885043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:08:32.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
}
]
},
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "12.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.6.1"
},
{
"status": "affected",
"version": "11.6.2"
},
{
"status": "affected",
"version": "11.6.3"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "11.8.1"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0"
}
]
}
],
"datePublic": "2022-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 11.4.4 and below: update to version 11.4.5 or later\nTIBCO Spotfire Analyst versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1: update to version 12.0.2 or later\nTIBCO Spotfire Analyst version 12.1.0: update to version 12.1.1 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 12.1.0 and below: update to version 12.1.1 or later\nTIBCO Spotfire Desktop versions 11.4.4 and below: update to version 11.4.5 or later\nTIBCO Spotfire Desktop versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1: update to version 12.0.2 or later\nTIBCO Spotfire Desktop version 12.1.0: update to version 12.1.1 or later\nTIBCO Spotfire Server versions 11.4.8 and below: update to version 11.4.9 or later\nTIBCO Spotfire Server versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1: update to version 12.0.2 or later\nTIBCO Spotfire Server version 12.1.0: update to version 12.1.1 or later"
}
],
"source": {
"discovery": "Discovery statement"
},
"title": "TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41558",
"datePublished": "2022-11-15T18:15:12.527Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:08:32.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23273 (GCVE-0-2021-23273)
Vulnerability from cvelistv5 – Published: 2021-03-09 20:35 – Updated: 2024-09-16 23:15
VLAI?
Title
TIBCO Spotfire Cross Site Scripting Vulnerability
Summary
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
Severity ?
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 10.3.3
(custom)
Affected: 10.10.0 Affected: 10.10.1 Affected: 10.10.2 Affected: 10.7.0 Affected: 10.8.0 Affected: 10.9.0 Affected: 11.0.0 Affected: 11.1.0 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
}
]
}
],
"datePublic": "2021-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-09T21:06:28",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and below update to version 11.2.0 or higher\nTIBCO Spotfire Desktop versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Server versions 10.3.11 and below update to version 10.3.12 or higher\nTIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3 update to version 10.10.4 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Cross Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-09T17:00:00Z",
"ID": "CVE-2021-23273",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.1.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.11"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and below update to version 11.2.0 or higher\nTIBCO Spotfire Desktop versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Server versions 10.3.11 and below update to version 10.3.12 or higher\nTIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3 update to version 10.10.4 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23273",
"datePublished": "2021-03-09T20:35:16.543095Z",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-09-16T23:15:56.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9416 (GCVE-0-2020-9416)
Vulnerability from cvelistv5 – Published: 2020-09-15 18:55 – Updated: 2024-09-16 19:20
VLAI?
Title
TIBCO Spotfire Stored Cross Site Scripting Vulnerability
Summary
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
Severity ?
8.2 (High)
CWE
- The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker's injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
10.7.0
Affected: 10.8.0 Affected: 10.9.0 Affected: 10.10.0 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
}
]
}
],
"datePublic": "2020-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker\u0027s injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T19:06:09",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Stored Cross Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-09-15T17:00:00Z",
"ID": "CVE-2020-9416",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Stored Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker\u0027s injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9416",
"datePublished": "2020-09-15T18:55:11.663340Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-16T19:20:42.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17334 (GCVE-0-2019-17334)
Vulnerability from cvelistv5 – Published: 2019-12-17 20:55 – Updated: 2024-09-16 18:39
VLAI?
Title
TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
Severity ?
7.6 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 7.12.0 Affected: 7.13.0 Affected: 7.14.0 Affected: 10.0.0 Affected: 10.1.0 Affected: 10.2.0 Affected: 10.3.0 Affected: 10.3.1 Affected: 10.3.2 Affected: 10.4.0 Affected: 10.5.0 Affected: 10.6.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17334",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17334",
"datePublished": "2019-12-17T20:55:17.037330Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T18:39:10.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5435 (GCVE-0-2018-5435)
Vulnerability from cvelistv5 – Published: 2018-06-27 16:00 – Updated: 2024-09-16 19:51
VLAI?
Title
TIBCO Spotfire Product Family Remote Code Execution Vulnerability
Summary
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.
Severity ?
9.6 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.8.0
(custom)
Affected: 7.9.0 Affected: 7.9.1 Affected: 7.10.0 Affected: 7.10.1 Affected: 7.11.0 Affected: 7.12.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-29T15:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Product Family Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-26T16:00:00.000Z",
"ID": "CVE-2018-5435",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Product Family Remote Code Execution Vulnerability",
"UPDATED": "2018-06-28T18:00:00.000Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5435",
"datePublished": "2018-06-27T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T19:51:48.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5437 (GCVE-0-2018-5437)
Vulnerability from cvelistv5 – Published: 2018-06-27 16:00 – Updated: 2024-09-17 01:25
VLAI?
Title
TIBCO Spotfire Product Family Information Disclosure Vulnerability
Summary
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.
Severity ?
6.8 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.8.0
(custom)
Affected: 7.9.0 Affected: 7.9.1 Affected: 7.10.0 Affected: 7.10.1 Affected: 7.11.0 Affected: 7.12.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-29T15:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. When upgrading to one of the new versions some previously working functionality will be disabled by default and require configuration. Please review the README and other documentation for further information. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Product Family Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-26T16:00:00.000Z",
"ID": "CVE-2018-5437",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Product Family Information Disclosure Vulnerability",
"UPDATED": "2018-06-28T18:00:00.000Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. When upgrading to one of the new versions some previously working functionality will be disabled by default and require configuration. Please review the README and other documentation for further information. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5437",
"datePublished": "2018-06-27T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T01:25:43.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41558 (GCVE-0-2022-41558)
Vulnerability from nvd – Published: 2022-11-15 18:15 – Updated: 2025-04-29 20:08
VLAI?
Title
TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0.
Severity ?
9 (Critical)
CWE
- Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 11.4.4
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:42:46.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41558",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T20:08:19.885043Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:08:32.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
}
]
},
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "12.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.4.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "11.5.0"
},
{
"status": "affected",
"version": "11.6.0"
},
{
"status": "affected",
"version": "11.6.1"
},
{
"status": "affected",
"version": "11.6.2"
},
{
"status": "affected",
"version": "11.6.3"
},
{
"status": "affected",
"version": "11.7.0"
},
{
"status": "affected",
"version": "11.8.0"
},
{
"status": "affected",
"version": "11.8.1"
},
{
"status": "affected",
"version": "12.0.0"
},
{
"status": "affected",
"version": "12.0.1"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "12.1.0"
}
]
}
],
"datePublic": "2022-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 11.4.4 and below, TIBCO Spotfire Analyst: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Analyst: version 12.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 12.1.0 and below, TIBCO Spotfire Desktop: versions 11.4.4 and below, TIBCO Spotfire Desktop: versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1, TIBCO Spotfire Desktop: version 12.1.0, TIBCO Spotfire Server: versions 11.4.8 and below, TIBCO Spotfire Server: versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1, and TIBCO Spotfire Server: version 12.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Successful execution of these vulnerabilities will result in an attacker being able to execute commands with the privileges of the affected user.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00.000Z",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"url": "https://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2022/11/tibco-security-advisory-november-15-2022-tibco-spotfire-cve-2022-41558"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 11.4.4 and below: update to version 11.4.5 or later\nTIBCO Spotfire Analyst versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1: update to version 12.0.2 or later\nTIBCO Spotfire Analyst version 12.1.0: update to version 12.1.1 or later\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 12.1.0 and below: update to version 12.1.1 or later\nTIBCO Spotfire Desktop versions 11.4.4 and below: update to version 11.4.5 or later\nTIBCO Spotfire Desktop versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, and 12.0.1: update to version 12.0.2 or later\nTIBCO Spotfire Desktop version 12.1.0: update to version 12.1.1 or later\nTIBCO Spotfire Server versions 11.4.8 and below: update to version 11.4.9 or later\nTIBCO Spotfire Server versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, and 12.0.1: update to version 12.0.2 or later\nTIBCO Spotfire Server version 12.1.0: update to version 12.1.1 or later"
}
],
"source": {
"discovery": "Discovery statement"
},
"title": "TIBCO Spotfire Stored Cross Site Scripting (XSS) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2022-41558",
"datePublished": "2022-11-15T18:15:12.527Z",
"dateReserved": "2022-09-26T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:08:32.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23273 (GCVE-0-2021-23273)
Vulnerability from nvd – Published: 2021-03-09 20:35 – Updated: 2024-09-16 23:15
VLAI?
Title
TIBCO Spotfire Cross Site Scripting Vulnerability
Summary
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0.
Severity ?
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 10.3.3
(custom)
Affected: 10.10.0 Affected: 10.10.1 Affected: 10.10.2 Affected: 10.7.0 Affected: 10.8.0 Affected: 10.9.0 Affected: 11.0.0 Affected: 11.1.0 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "11.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.3.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
},
{
"status": "affected",
"version": "10.10.2"
},
{
"status": "affected",
"version": "10.10.3"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.1.0"
}
]
}
],
"datePublic": "2021-03-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-09T21:06:28",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and below update to version 11.2.0 or higher\nTIBCO Spotfire Desktop versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Server versions 10.3.11 and below update to version 10.3.12 or higher\nTIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3 update to version 10.10.4 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Cross Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2021-03-09T17:00:00Z",
"ID": "CVE-2021-23273",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "11.1.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.3.11"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
},
{
"version_affected": "=",
"version_value": "10.10.2"
},
{
"version_affected": "=",
"version_value": "10.10.3"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "11.0.0"
},
{
"version_affected": "=",
"version_value": "11.1.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker gains access, including potentially administrative access, to the affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2021/03/tibco-security-advisory-march-9-2021-tibco-spotfire"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Analyst versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 11.1.0 and below update to version 11.2.0 or higher\nTIBCO Spotfire Desktop versions 10.3.3 and below update to version 10.3.4 or higher\nTIBCO Spotfire Desktop versions 10.10.0, 10.10.1, and 10.10.2 update to version 10.10.3 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher\nTIBCO Spotfire Server versions 10.3.11 and below update to version 10.3.12 or higher\nTIBCO Spotfire Server versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3 update to version 10.10.4 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0 update to version 11.2.0 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2021-23273",
"datePublished": "2021-03-09T20:35:16.543095Z",
"dateReserved": "2021-01-08T00:00:00",
"dateUpdated": "2024-09-16T23:15:56.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9416 (GCVE-0-2020-9416)
Vulnerability from nvd – Published: 2020-09-15 18:55 – Updated: 2024-09-16 19:20
VLAI?
Title
TIBCO Spotfire Stored Cross Site Scripting Vulnerability
Summary
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
Severity ?
8.2 (High)
CWE
- The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker's injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
10.7.0
Affected: 10.8.0 Affected: 10.9.0 Affected: 10.10.0 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
},
{
"status": "affected",
"version": "10.8.1"
},
{
"status": "affected",
"version": "10.9.0"
},
{
"status": "affected",
"version": "10.10.0"
},
{
"status": "affected",
"version": "10.10.1"
}
]
}
],
"datePublic": "2020-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker\u0027s injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-15T19:06:09",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Stored Cross Site Scripting Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-09-15T17:00:00Z",
"ID": "CVE-2020-9416",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Stored Cross Site Scripting Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
},
{
"version_affected": "=",
"version_value": "10.8.1"
},
{
"version_affected": "=",
"version_value": "10.9.0"
},
{
"version_affected": "=",
"version_value": "10.10.0"
},
{
"version_affected": "=",
"version_value": "10.10.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire client component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The theoretical impact of this vulnerability is that the attacker can execute scripts on the affected system of the victim that will execute with the privileges of the victim. If the victim has administrative privileges the attacker\u0027s injected scripts would allow the attacker to access all files, stop/start some services and change limited configuration settings."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-september-15-2020-tibco-spotfire"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher\nTIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher\nTIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9416",
"datePublished": "2020-09-15T18:55:11.663340Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-16T19:20:42.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17334 (GCVE-0-2019-17334)
Vulnerability from nvd – Published: 2019-12-17 20:55 – Updated: 2024-09-16 18:39
VLAI?
Title
TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
Severity ?
7.6 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 7.12.0 Affected: 7.13.0 Affected: 7.14.0 Affected: 10.0.0 Affected: 10.1.0 Affected: 10.2.0 Affected: 10.3.0 Affected: 10.3.1 Affected: 10.3.2 Affected: 10.4.0 Affected: 10.5.0 Affected: 10.6.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17334",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17334",
"datePublished": "2019-12-17T20:55:17.037330Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T18:39:10.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5435 (GCVE-0-2018-5435)
Vulnerability from nvd – Published: 2018-06-27 16:00 – Updated: 2024-09-16 19:51
VLAI?
Title
TIBCO Spotfire Product Family Remote Code Execution Vulnerability
Summary
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.
Severity ?
9.6 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.8.0
(custom)
Affected: 7.9.0 Affected: 7.9.1 Affected: 7.10.0 Affected: 7.10.1 Affected: 7.11.0 Affected: 7.12.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-29T15:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Product Family Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-26T16:00:00.000Z",
"ID": "CVE-2018-5435",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Product Family Remote Code Execution Vulnerability",
"UPDATED": "2018-06-28T18:00:00.000Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5435",
"datePublished": "2018-06-27T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-16T19:51:48.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5437 (GCVE-0-2018-5437)
Vulnerability from nvd – Published: 2018-06-27 16:00 – Updated: 2024-09-17 01:25
VLAI?
Title
TIBCO Spotfire Product Family Information Disclosure Vulnerability
Summary
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0.
Severity ?
6.8 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.8.0
(custom)
Affected: 7.9.0 Affected: 7.9.1 Affected: 7.10.0 Affected: 7.10.1 Affected: 7.11.0 Affected: 7.12.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:44.438Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
},
{
"status": "affected",
"version": "7.12.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.9.0"
},
{
"status": "affected",
"version": "7.9.1"
},
{
"status": "affected",
"version": "7.10.0"
},
{
"status": "affected",
"version": "7.10.1"
},
{
"status": "affected",
"version": "7.11.0"
}
]
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-29T15:57:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. When upgrading to one of the new versions some previously working functionality will be disabled by default and require configuration. Please review the README and other documentation for further information. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Product Family Information Disclosure Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-26T16:00:00.000Z",
"ID": "CVE-2018-5437",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Product Family Information Disclosure Vulnerability",
"UPDATED": "2018-06-28T18:00:00.000Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.8.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.9.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.10.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.11.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to additional confidential information, including credentials to access additional resources."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues. When upgrading to one of the new versions some previously working functionality will be disabled by default and require configuration. Please review the README and other documentation for further information. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2018-5437",
"datePublished": "2018-06-27T16:00:00Z",
"dateReserved": "2018-01-12T00:00:00",
"dateUpdated": "2024-09-17T01:25:43.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}