Search criteria
60 vulnerabilities found for spotfire_analytics_platform_for_aws by tibco
FKIE_CVE-2020-9408
Vulnerability from fkie_nvd - Published: 2020-03-11 20:15 - Updated: 2024-11-21 05:40
Severity ?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | * | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 | |
| tibco | spotfire_server | 10.0.1 | |
| tibco | spotfire_server | 10.1.0 | |
| tibco | spotfire_server | 10.2.0 | |
| tibco | spotfire_server | 10.3.0 | |
| tibco | spotfire_server | 10.3.1 | |
| tibco | spotfire_server | 10.3.2 | |
| tibco | spotfire_server | 10.3.3 | |
| tibco | spotfire_server | 10.3.4 | |
| tibco | spotfire_server | 10.3.5 | |
| tibco | spotfire_server | 10.3.6 | |
| tibco | spotfire_server | 10.4.0 | |
| tibco | spotfire_server | 10.5.0 | |
| tibco | spotfire_server | 10.6.0 | |
| tibco | spotfire_server | 10.6.1 | |
| tibco | spotfire_server | 10.7.0 | |
| tibco | spotfire_server | 10.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03FDA07A-FF4F-4D5E-BC10-16049E3C8BC2",
"versionEndIncluding": "10.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28424400-3ADD-4719-A1FF-DD2BA3E78CB4",
"versionEndIncluding": "7.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121DE084-9E95-4768-872B-16B12DC421BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11F3CAA3-510B-400B-927E-8BEBB6DEFC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B75EF05E-A26B-4DAA-8550-80119A12149A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6CF19F-CD9D-4174-B6D0-EE65DACCF8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "107D36D1-83C9-463E-B87D-B6CA67381EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50180763-F7D4-4CEB-9DED-EE6A8EDC8049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6D8708F-F06E-42C1-8D11-7265A102B708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A586E5-91CB-4167-99A0-17D692AF02ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28151CD2-540D-4D16-A894-082C2946FEF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "901B6B29-8644-43BC-BFAD-3229CD37FB9E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0."
},
{
"lang": "es",
"value": "El componente de biblioteca Spotfire de TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, contienen una vulnerabilidad que te\u00f3ricamente permite a un atacante con permisos de escritura en la Biblioteca Spotfire, pero sin el permiso de grupo \"Script Author\", modificar atributos de archivos y objetos guardados en la biblioteca de modo que el sistema los trate como seguros. Esto podr\u00eda permitir a un atacante causar que Spotfire Web Player, Analyst clients y TERR Service ejecuten c\u00f3digo arbitrario con los privilegios de la cuenta system que inici\u00f3 esos procesos. Las versiones afectadas son TIBCO Spotfire Analytics Platform for AWS Marketplace: versiones 10.8.0 y por debajo y TIBCO Spotfire Server: versiones 7.11.9 y por debajo, versiones 7.12.0, 7.13.0, 7.14.0, 10.0. 0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5 y 10.3.6, versiones 10.4.0, 10.5. 0, 10.6.0, 10.6.1, 10.7.0 y 10.8.0. Todas de TIBCO Software Inc."
}
],
"id": "CVE-2020-9408",
"lastModified": "2024-11-21T05:40:34.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-11T20:15:13.210",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-17336
Vulnerability from fkie_nvd - Published: 2019-12-17 21:15 - Updated: 2024-11-21 04:32
Severity ?
Summary
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | 10.6.0 | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 | |
| tibco | spotfire_server | 10.0.1 | |
| tibco | spotfire_server | 10.1.0 | |
| tibco | spotfire_server | 10.2.0 | |
| tibco | spotfire_server | 10.2.1 | |
| tibco | spotfire_server | 10.3.0 | |
| tibco | spotfire_server | 10.3.1 | |
| tibco | spotfire_server | 10.3.2 | |
| tibco | spotfire_server | 10.3.3 | |
| tibco | spotfire_server | 10.3.4 | |
| tibco | spotfire_server | 10.4.0 | |
| tibco | spotfire_server | 10.5.0 | |
| tibco | spotfire_server | 10.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74725E74-1940-4DD4-ABC2-C417CE911A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62BF3477-0361-4F52-B900-BFC093EA911E",
"versionEndIncluding": "7.11.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62045408-6021-44AB-80DA-92D22D373F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121DE084-9E95-4768-872B-16B12DC421BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11F3CAA3-510B-400B-927E-8BEBB6DEFC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B75EF05E-A26B-4DAA-8550-80119A12149A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6CF19F-CD9D-4174-B6D0-EE65DACCF8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "107D36D1-83C9-463E-B87D-B6CA67381EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
},
{
"lang": "es",
"value": "El componente de capa de acceso Data de TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform para AWS Marketplace y TIBCO Spotfire Server, contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a un atacante acceder a la informaci\u00f3n que puede conllevar a una obtenci\u00f3n de credenciales usadas para acceder a las fuentes de datos de Spotfire. El atacante necesitar\u00eda privilegios para guardar un archivo de Spotfire en la biblioteca, y solo aplica en una situaci\u00f3n en la que las credenciales NTLM o un perfil de credenciales est\u00e1 en uso. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform para AWS Marketplace: versi\u00f3n 10.6.0 y TIBCO Spotfire Server: versiones 7.11.7 y por debajo, versiones 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3 y 10.3.4, versiones 10.4.0, 10.5.0 y 10.6.0."
}
],
"id": "CVE-2019-17336",
"lastModified": "2024-11-21T04:32:06.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T21:15:12.380",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-17337
Vulnerability from fkie_nvd - Published: 2019-12-17 21:15 - Updated: 2024-11-21 04:32
Severity ?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | 10.6.0 | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 | |
| tibco | spotfire_server | 10.0.1 | |
| tibco | spotfire_server | 10.1.0 | |
| tibco | spotfire_server | 10.2.0 | |
| tibco | spotfire_server | 10.2.1 | |
| tibco | spotfire_server | 10.3.0 | |
| tibco | spotfire_server | 10.3.1 | |
| tibco | spotfire_server | 10.3.2 | |
| tibco | spotfire_server | 10.3.3 | |
| tibco | spotfire_server | 10.3.4 | |
| tibco | spotfire_server | 10.4.0 | |
| tibco | spotfire_server | 10.5.0 | |
| tibco | spotfire_server | 10.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74725E74-1940-4DD4-ABC2-C417CE911A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62BF3477-0361-4F52-B900-BFC093EA911E",
"versionEndIncluding": "7.11.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62045408-6021-44AB-80DA-92D22D373F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121DE084-9E95-4768-872B-16B12DC421BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11F3CAA3-510B-400B-927E-8BEBB6DEFC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B75EF05E-A26B-4DAA-8550-80119A12149A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6CF19F-CD9D-4174-B6D0-EE65DACCF8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "107D36D1-83C9-463E-B87D-B6CA67381EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
},
{
"lang": "es",
"value": "El componente de la biblioteca de Spotfire de TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform para AWS Marketplace y TIBCO Spotfire Server, contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante realizar un ataque de tipo cross-site scripting (XSS) reflejado. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform para AWS Marketplace: versi\u00f3n 10.6.0 y TIBCO Spotfire Server: versiones 7.11.7 y por debajo , versiones 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3 y 10.3.4, versiones 10.4.0, 10.5.0 y 10.6.0 ."
}
],
"id": "CVE-2019-17337",
"lastModified": "2024-11-21T04:32:06.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T21:15:12.507",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-17335
Vulnerability from fkie_nvd - Published: 2019-12-17 21:15 - Updated: 2024-11-21 04:32
Severity ?
Summary
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | 10.6.0 | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 | |
| tibco | spotfire_server | 10.0.1 | |
| tibco | spotfire_server | 10.1.0 | |
| tibco | spotfire_server | 10.2.0 | |
| tibco | spotfire_server | 10.2.1 | |
| tibco | spotfire_server | 10.3.0 | |
| tibco | spotfire_server | 10.3.1 | |
| tibco | spotfire_server | 10.3.2 | |
| tibco | spotfire_server | 10.3.3 | |
| tibco | spotfire_server | 10.3.4 | |
| tibco | spotfire_server | 10.4.0 | |
| tibco | spotfire_server | 10.5.0 | |
| tibco | spotfire_server | 10.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74725E74-1940-4DD4-ABC2-C417CE911A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "62BF3477-0361-4F52-B900-BFC093EA911E",
"versionEndIncluding": "7.11.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62045408-6021-44AB-80DA-92D22D373F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121DE084-9E95-4768-872B-16B12DC421BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11F3CAA3-510B-400B-927E-8BEBB6DEFC9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B75EF05E-A26B-4DAA-8550-80119A12149A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6C6CF19F-CD9D-4174-B6D0-EE65DACCF8EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "107D36D1-83C9-463E-B87D-B6CA67381EE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
},
{
"lang": "es",
"value": "El componente de capa de acceso Data de TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform para AWS Marketplace y TIBCO Spotfire Server, contiene m\u00faltiples vulnerabilidades que te\u00f3ricamente permiten a un atacante acceder a los datos almacenados en cach\u00e9 desde una fuente de datos, o una parte de una fuente de datos, que el atacante no deber\u00eda tener acceso a. El atacante necesitar\u00eda privilegios para guardar un archivo de Spotfire en la biblioteca. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform para AWS Marketplace: versi\u00f3n 10.6.0 y TIBCO Spotfire Server: versiones 7.11.7 y por debajo, versiones 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3 y 10.3.4, versiones 10.4.0, 10.5.0 y 10.6.0 ."
}
],
"id": "CVE-2019-17335",
"lastModified": "2024-11-21T04:32:06.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T21:15:12.300",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-17334
Vulnerability from fkie_nvd - Published: 2019-12-17 21:15 - Updated: 2024-11-21 04:32
Severity ?
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analyst | * | |
| tibco | spotfire_analyst | 7.12.0 | |
| tibco | spotfire_analyst | 7.13.0 | |
| tibco | spotfire_analyst | 7.14.0 | |
| tibco | spotfire_analyst | 10.0.0 | |
| tibco | spotfire_analyst | 10.1.0 | |
| tibco | spotfire_analyst | 10.2.0 | |
| tibco | spotfire_analyst | 10.3.0 | |
| tibco | spotfire_analyst | 10.3.1 | |
| tibco | spotfire_analyst | 10.3.2 | |
| tibco | spotfire_analyst | 10.4.0 | |
| tibco | spotfire_analyst | 10.5.0 | |
| tibco | spotfire_analyst | 10.6.0 | |
| tibco | spotfire_analytics_platform_for_aws | 10.6.0 | |
| tibco | spotfire_deployment_kit | * | |
| tibco | spotfire_desktop | * | |
| tibco | spotfire_desktop | 7.12.0 | |
| tibco | spotfire_desktop | 7.13.0 | |
| tibco | spotfire_desktop | 7.14.0 | |
| tibco | spotfire_desktop | 10.0.0 | |
| tibco | spotfire_desktop | 10.1.0 | |
| tibco | spotfire_desktop | 10.2.0 | |
| tibco | spotfire_desktop | 10.3.0 | |
| tibco | spotfire_desktop | 10.3.1 | |
| tibco | spotfire_desktop | 10.3.2 | |
| tibco | spotfire_desktop | 10.4.0 | |
| tibco | spotfire_desktop | 10.5.0 | |
| tibco | spotfire_desktop | 10.6.0 | |
| tibco | spotfire_desktop_language_packs | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB894D2-BCDB-4E0A-AA7B-4ACA4B8A1E4A",
"versionEndIncluding": "7.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9421F962-9DF2-47FC-A0D7-C90E6E2D0792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98BBF9F4-E29A-43DE-9B82-38FEBDFDE18F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C5F18028-5359-4EAE-82AE-A9A0E9E95EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90A36A15-5120-4C99-ABA0-29948879FF0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1D625F1E-33A1-4A6D-A4A1-1BEF11633B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC070A8-515C-4BFC-8777-C5C56A275018",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B81DE3A2-30BB-455A-ACD3-CDEBAEE9DBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF65A903-2AF8-4A12-93F8-5645EA280808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C4BDDBE-3B8C-42E7-AA9B-0B166D807AE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "218EEDC3-9F1A-49A7-9ABA-6006AB0E5586",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F15EAA93-A037-4AA9-908A-3478E701CB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analyst:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73A1E671-2901-409C-9A34-234A401241A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74725E74-1940-4DD4-ABC2-C417CE911A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB885AA-2B0C-4CF1-9CFE-2EE31548D579",
"versionEndIncluding": "7.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "712FA45A-A06A-40EB-9D4E-2F13AF2FFC05",
"versionEndIncluding": "7.11.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "031D605C-66FE-40BC-B73C-D122944DBF08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C712D60-282E-4CB5-A6B3-2E8AB3D17C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B99EE75F-9D35-43EA-A53C-1E792EAF640A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EB4DC3F-3F2F-4231-9A17-174C21E5634F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD5F4A7F-EF07-40FE-91EE-750090857746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72D8636D-13A4-4A6E-B946-120C4EA3BC5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E56F19A5-E482-4DF0-8533-54602A2C482D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F932843-60C6-437D-81D5-8BAD642B0CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14A497AD-F1A8-42DB-954A-FF0F9F309013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C0D79B-B880-4D70-8FF5-2B04B082A8C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "670A2ACC-EAEC-40B3-A47A-74871204A711",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop:10.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F288EDE4-5EA5-4B58-A113-FFDF68A70461",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F34C58D-DF67-4EDF-A27E-004248FB36A5",
"versionEndIncluding": "7.11.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
},
{
"lang": "es",
"value": "El componente Visualizations de TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform para AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, y TIBCO Spotfire Desktop Language Packs, contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante, con permiso para escribir archivos DXP en la biblioteca de Spotfire, ejecutar c\u00f3digo remotamente de su elecci\u00f3n en la cuenta de usuario de otros usuarios que acceden al sistema afectado. Este ataque es un riesgo solo cuando el atacante tiene acceso de escritura a un sistema de archivos de red compartido con el sistema afectado. Las versiones afectadas son TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versiones 7.11.1 y por debajo, versiones 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3 .1 y 10.3.2, versiones 10.4.0, 10.5.0 y 10.6.0, TIBCO Spotfire Analytics Platform para AWS Marketplace: versi\u00f3n 10.6.0, TIBCO Spotfire Deployment Kit: versiones 7.11.1 y por debajo, TIBCO Spotfire Desktop : versiones 7.11.1 y por debajo, versiones 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1 y 10.3.2, versiones 10.4.0, 10.5.0 y 10.6.0, y TIBCO Spotfire Desktop Language Packs: versiones 7.11.1 y por debajo."
}
],
"id": "CVE-2019-17334",
"lastModified": "2024-11-21T04:32:06.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.9,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-17T21:15:12.097",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11210
Vulnerability from fkie_nvd - Published: 2019-09-18 23:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | enterprise_runtime_for_r | * | |
| tibco | spotfire_analytics_platform_for_aws | 10.4.0 | |
| tibco | spotfire_analytics_platform_for_aws | 10.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:*:*:*:*:server:*:*:*",
"matchCriteriaId": "64B31B30-DD6D-4B9F-AB52-3BBF008931C8",
"versionEndIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "041A7CA8-A0B9-4888-A977-4867FD46C248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6470D387-3DB3-4C2A-A14E-471E8723BC8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
},
{
"lang": "es",
"value": "TIBCO Enterprise Runtime para R - Server Edition, y TIBCO Spotfire Analytics Platform para AWS Marketplace del componente servidor de TIBCO Software Inc., contiene una vulnerabilidad que te\u00f3ricamente permite a un usuario no autenticado omitir los controles de acceso y ejecutar c\u00f3digo remotamente usando el alojamiento de una cuenta de sistema operativo en el componente afectado. Este problema afecta: TIBCO Enterprise Runtime para R - Server Edition versiones 1.2.0 y posteriores, y TIBCO Spotfire Analytics Platform para AWS Marketplace versiones 10.4.0 y 10.5.0."
}
],
"id": "CVE-2019-11210",
"lastModified": "2024-11-21T04:20:44.013",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:10.860",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11211
Vulnerability from fkie_nvd - Published: 2019-09-18 23:15 - Updated: 2024-11-21 04:20
Severity ?
Summary
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | enterprise_runtime_for_r | * | |
| tibco | spotfire_analytics_platform_for_aws | 10.4.0 | |
| tibco | spotfire_analytics_platform_for_aws | 10.5.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:enterprise_runtime_for_r:*:*:*:*:server:*:*:*",
"matchCriteriaId": "64B31B30-DD6D-4B9F-AB52-3BBF008931C8",
"versionEndIncluding": "1.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "041A7CA8-A0B9-4888-A977-4867FD46C248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6470D387-3DB3-4C2A-A14E-471E8723BC8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
},
{
"lang": "es",
"value": "TIBCO Enterprise Runtime para R - Server Edition, y TIBCO Spotfire Analytics Platform para AWS Marketplace del componente servidor de TIBCO Software Inc., contiene una vulnerabilidad que te\u00f3ricamente permite a un usuario autenticado activar la ejecuci\u00f3n de c\u00f3digo remota en determinadas circunstancias. Cuando el componente afectado es ejecutado con el servicio TERR en contenedores sobre Linux, en teor\u00eda, el host puede ser enga\u00f1ado para ejecutar c\u00f3digo malicioso. Este problema afecta a: TIBCO Enterprise Runtime para R - Server Edition versi\u00f3n 1.2.0 y posteriores, y TIBCO Spotfire Analytics Platform para AWS Marketplace versiones 10.4.0; 10.5.0."
}
],
"id": "CVE-2019-11211",
"lastModified": "2024-11-21T04:20:44.133",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-09-18T23:15:10.923",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11206
Vulnerability from fkie_nvd - Published: 2019-05-14 20:29 - Updated: 2024-11-21 04:20
Severity ?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0.
References
| URL | Tags | ||
|---|---|---|---|
| security@tibco.com | http://www.securityfocus.com/bid/108405 | Broken Link, Third Party Advisory, VDB Entry | |
| security@tibco.com | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| security@tibco.com | https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108405 | Broken Link, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.tibco.com/services/support/advisories | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | * | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 | |
| tibco | spotfire_server | 10.0.1 | |
| tibco | spotfire_server | 10.1.0 | |
| tibco | spotfire_server | 10.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E663B6CD-B55A-413D-9FCA-A68B53E98D43",
"versionEndIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE197B05-3C6D-42FF-920D-EF3F72F319E0",
"versionEndIncluding": "7.11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
},
{
"lang": "es",
"value": "El componente Spotfire library de TIBCO Software Inc. TIBCO Spotfire Analytics Platform para AWS Marketplace, y TIBCO Spotfire Server contiene vulnerabilidades que te\u00f3ricamente permiten que un usuario malicioso socave la integridad de los comentarios y marcadores. Las versiones afectadas son la plataforma de an\u00e1lisis TIBCO Spotfire de TIBCO Software Inc. para AWS Marketplace: la versi\u00f3n 10.2.0, y TIBCO Spotfire Server: la versi\u00f3n 7.11.2; versi\u00f3n 7.12.0; versi\u00f3n 7.13.0; versi\u00f3n 7.14.0; versi\u00f3n10.0.0; versi\u00f3n 10.0.1; versi\u00f3n 10.1.0; y versi\u00f3n 10.2.0."
}
],
"id": "CVE-2019-11206",
"lastModified": "2024-11-21T04:20:43.523",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@tibco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-14T20:29:03.090",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108405"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-11205
Vulnerability from fkie_nvd - Published: 2019-05-14 20:29 - Updated: 2024-11-21 04:20
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | 7.14.0 | |
| tibco | spotfire_analytics_platform_for_aws | 7.14.1 | |
| tibco | spotfire_analytics_platform_for_aws | 10.0.0 | |
| tibco | spotfire_analytics_platform_for_aws | 10.0.1 | |
| tibco | spotfire_analytics_platform_for_aws | 10.1.0 | |
| tibco | spotfire_analytics_platform_for_aws | 10.2.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 | |
| tibco | spotfire_server | 10.0.1 | |
| tibco | spotfire_server | 10.1.0 | |
| tibco | spotfire_server | 10.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AC9919-F8DF-45FB-B182-E61967A99EA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:7.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FE66E9D8-3C21-45B2-877E-59B4806D0425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2CA6F3-0A0C-4759-A298-CA128B6064FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4E1BFA1-45E8-4A51-AE21-99D78F22A1DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15130A7E-C732-4B20-B2D3-3240289E1BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3EDD545-1508-4356-A286-F320A5862FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
},
{
"lang": "es",
"value": "El componente Web Server de TIBCO Software Inc. TIBCO Spotfire Analytics Platform para AWS Marketplace, y TIBCO Spotfire Server posee vulnerabilidades que te\u00f3ricamente permiten ataques reflejados de secuencias de tipo cross-site (XSS). Las versiones afectadas son la plataforma TIBCO Spotfire Analytics de TIBCO Software Inc. para AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, y TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
}
],
"id": "CVE-2019-11205",
"lastModified": "2024-11-21T04:20:43.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-05-14T20:29:02.997",
"references": [
{
"source": "security@tibco.com",
"url": "http://www.securityfocus.com/bid/108384"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/108384"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18812
Vulnerability from fkie_nvd - Published: 2019-01-16 22:29 - Updated: 2024-11-21 03:56
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
5.3 (Medium) - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | * | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.11.0 | |
| tibco | spotfire_server | 7.11.1 | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D10198-A17E-432F-BEB4-F98A8A067839",
"versionEndIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA796C00-8493-40A3-BE34-3B5703194E7A",
"versionEndIncluding": "7.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F60AE38F-9603-47B1-9451-6A9B9D8FC065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE8942-B051-4142-BFAE-5D47B883B7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spotfire Library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0."
},
{
"lang": "es",
"value": "El componente Spotfire Library de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene una vulnerabilidad que, en teor\u00eda, podr\u00eda hacer que no se restrinja a los usuarios con acceso de solo lectura la modificaci\u00f3n de archivos almacenados en la biblioteca de Spotfire, solo cuando \u00e9sta est\u00e1 configurada para que emplee el almacenamiento externo. Las versiones afectadas de los productos de TIBCO Software Inc. son TIBCO Spotfire Analytics Platform for AWS Marketplace en versiones hasta e incluyendo la 10.0.0 y TIBCO Spotfire Server en versiones hasta e incluyendo las 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0 y la 10.0.0."
}
],
"id": "CVE-2018-18812",
"lastModified": "2024-11-21T03:56:40.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T22:29:00.233",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106635"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18814
Vulnerability from fkie_nvd - Published: 2019-01-16 22:29 - Updated: 2024-11-21 03:56
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | * | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.11.0 | |
| tibco | spotfire_server | 7.11.1 | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D10198-A17E-432F-BEB4-F98A8A067839",
"versionEndIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA796C00-8493-40A3-BE34-3B5703194E7A",
"versionEndIncluding": "7.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F60AE38F-9603-47B1-9451-6A9B9D8FC065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE8942-B051-4142-BFAE-5D47B883B7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TIBCO Spotfire authentication component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0."
},
{
"lang": "es",
"value": "El componente de autenticaci\u00f3n TIBCO Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene una vulnerabilidad en el manejo de la autenticaci\u00f3n que, en teor\u00eda, podr\u00eda permitir que un atacante obtenga acceso total a una cuenta objetivo, independientemente de los mecanismos de autenticaci\u00f3n configurados. Las versiones afectadas de los productos de TIBCO Software Inc. son TIBCO Spotfire Analytics Platform for AWS Marketplace: versiones hasta e incluyendo la 10.0.0 y TIBCO Spotfire Server: versiones hasta e incluyendo las 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0 y la 7.14.0."
}
],
"id": "CVE-2018-18814",
"lastModified": "2024-11-21T03:56:40.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T22:29:00.357",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106635"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-18813
Vulnerability from fkie_nvd - Published: 2019-01-16 22:29 - Updated: 2024-11-21 03:56
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_platform_for_aws | * | |
| tibco | spotfire_server | * | |
| tibco | spotfire_server | 7.11.0 | |
| tibco | spotfire_server | 7.11.1 | |
| tibco | spotfire_server | 7.12.0 | |
| tibco | spotfire_server | 7.13.0 | |
| tibco | spotfire_server | 7.14.0 | |
| tibco | spotfire_server | 10.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1D10198-A17E-432F-BEB4-F98A8A067839",
"versionEndIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA796C00-8493-40A3-BE34-3B5703194E7A",
"versionEndIncluding": "7.10.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F60AE38F-9603-47B1-9451-6A9B9D8FC065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE8942-B051-4142-BFAE-5D47B883B7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Spotfire web server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0."
},
{
"lang": "es",
"value": "El componente del servidor web Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene m\u00faltiples vulnerabilidades que podr\u00edan permitir ataques de Componente persistente y reflejado. Las versiones afectadas de los productos de TIBCO Software Inc.son TIBCO Spotfire Analytics Platform for AWS Marketplace: versiones hasta e incluyendo la 10.0.0 y TIBCO Spotfire Server: versiones hasta e incluyendo las 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0 y la 10.0.0."
}
],
"id": "CVE-2018-18813",
"lastModified": "2024-11-21T03:56:40.170",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@tibco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-16T22:29:00.310",
"references": [
{
"source": "security@tibco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106635"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "security@tibco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106635"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813"
}
],
"sourceIdentifier": "security@tibco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-9408 (GCVE-0-2020-9408)
Vulnerability from cvelistv5 – Published: 2020-03-11 19:55 – Updated: 2024-09-16 22:30
VLAI?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
unspecified , ≤ 10.8.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.3.5"
},
{
"status": "affected",
"version": "10.3.6"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
}
]
}
],
"datePublic": "2020-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T19:55:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-03-11T17:00:00Z",
"ID": "CVE-2020-9408",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.8.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.9"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.3.5"
},
{
"version_affected": "=",
"version_value": "10.3.6"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9408",
"datePublished": "2020-03-11T19:55:12.878877Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-16T22:30:59.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17336 (GCVE-0-2019-17336)
Vulnerability from cvelistv5 – Published: 2019-12-17 20:55 – Updated: 2024-09-17 02:06
VLAI?
Summary
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Severity ?
7.7 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker recovers credentials used to access Spotfire data sources.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
10.6.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker recovers credentials used to access Spotfire data sources.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:17",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17336",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.7"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.2.1"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker recovers credentials used to access Spotfire data sources."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17336",
"datePublished": "2019-12-17T20:55:18.061334Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-17T02:06:23.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17337 (GCVE-0-2019-17337)
Vulnerability from cvelistv5 – Published: 2019-12-17 20:55 – Updated: 2024-09-16 21:02
VLAI?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Severity ?
8.1 (High)
CWE
- The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
10.6.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:18",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17337",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.7"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.2.1"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17337",
"datePublished": "2019-12-17T20:55:18.595101Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T21:02:56.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17334 (GCVE-0-2019-17334)
Vulnerability from cvelistv5 – Published: 2019-12-17 20:55 – Updated: 2024-09-16 18:39
VLAI?
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
Severity ?
7.6 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 7.12.0 Affected: 7.13.0 Affected: 7.14.0 Affected: 10.0.0 Affected: 10.1.0 Affected: 10.2.0 Affected: 10.3.0 Affected: 10.3.1 Affected: 10.3.2 Affected: 10.4.0 Affected: 10.5.0 Affected: 10.6.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17334",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17334",
"datePublished": "2019-12-17T20:55:17.037330Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T18:39:10.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17335 (GCVE-0-2019-17335)
Vulnerability from cvelistv5 – Published: 2019-12-17 20:55 – Updated: 2024-09-16 20:58
VLAI?
Summary
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Severity ?
5.3 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibility that the attacker could gain unauthorized access to data that other users have recently viewed.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
10.6.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that the attacker could gain unauthorized access to data that other users have recently viewed.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:17",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17335",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.7"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.2.1"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that the attacker could gain unauthorized access to data that other users have recently viewed."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17335",
"datePublished": "2019-12-17T20:55:17.568949Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T20:58:01.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11211 (GCVE-0-2019-11211)
Vulnerability from cvelistv5 – Published: 2019-09-18 22:21 – Updated: 2024-09-17 03:34
VLAI?
Summary
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
1.2.0 and below
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.2.0 and below"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
}
]
}
],
"datePublic": "2019-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T22:34:53",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address this issue:\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-09-17T16:00:00.000Z",
"ID": "CVE-2019-11211",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_value": "1.2.0 and below"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_value": "10.4.0"
},
{
"version_value": "10.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address this issue:\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11211",
"datePublished": "2019-09-18T22:21:04.828450Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-17T03:34:08.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11210 (GCVE-0-2019-11210)
Vulnerability from cvelistv5 – Published: 2019-09-18 22:20 – Updated: 2024-09-16 19:20
VLAI?
Summary
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
Severity ?
10 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
1.2.0 and below
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.2.0 and below"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
}
]
}
],
"datePublic": "2019-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T22:32:35",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher\n\nTo temporarily remediate this vulnerability, the machine hosting the affected component can be protected via a properly configured firewall. Use a configuration that limits access to only the TIBCO Spotfire Server and the TIBCO Spotfire Web Player."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-09-17T16:00:00.000Z",
"ID": "CVE-2019-11210",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_value": "1.2.0 and below"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_value": "10.4.0"
},
{
"version_value": "10.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher\n\nTo temporarily remediate this vulnerability, the machine hosting the affected component can be protected via a properly configured firewall. Use a configuration that limits access to only the TIBCO Spotfire Server and the TIBCO Spotfire Web Player."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11210",
"datePublished": "2019-09-18T22:20:49.918344Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T19:20:22.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11205 (GCVE-0-2019-11205)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:57 – Updated: 2024-09-17 00:05
VLAI?
Summary
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
7.14.0
Affected: 7.14.1 Affected: 10.0.0 Affected: 10.0.1 Affected: 10.1.0 Affected: 10.2.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"name": "108384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "7.14.1"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:02",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"name": "108384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108384"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11205",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"name": "108384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108384"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11205",
"datePublished": "2019-05-14T19:57:29.812575Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-17T00:05:43.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11206 (GCVE-0-2019-11206)
Vulnerability from cvelistv5 – Published: 2019-05-14 19:57 – Updated: 2024-09-16 18:13
VLAI?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0.
Severity ?
4.3 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
unspecified , ≤ 10.2.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"name": "108405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T07:06:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"name": "108405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108405"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11206",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.13.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"name": "108405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108405"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11206",
"datePublished": "2019-05-14T19:57:29.852145Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9408 (GCVE-0-2020-9408)
Vulnerability from nvd – Published: 2020-03-11 19:55 – Updated: 2024-09-16 22:30
VLAI?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
unspecified , ≤ 10.8.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:26:16.100Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.3.5"
},
{
"status": "affected",
"version": "10.3.6"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
},
{
"status": "affected",
"version": "10.6.1"
},
{
"status": "affected",
"version": "10.7.0"
},
{
"status": "affected",
"version": "10.8.0"
}
]
}
],
"datePublic": "2020-03-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-11T19:55:12",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2020-03-11T17:00:00Z",
"ID": "CVE-2020-9408",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "10.8.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.9"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.3.5"
},
{
"version_affected": "=",
"version_value": "10.3.6"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
},
{
"version_affected": "=",
"version_value": "10.6.1"
},
{
"version_affected": "=",
"version_value": "10.7.0"
},
{
"version_affected": "=",
"version_value": "10.8.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not \"Script Author\" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arbitrary code with the privileges of the system account that started those processes. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.8.0 and below and TIBCO Spotfire Server: versions 7.11.9 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6, versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could execute arbitrary code with the privileges of the system account that started the Spotfire Web Player, Analyst clients, or TERR Service."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2020/03/tibco-security-advisory-march-11-2020-tibco-spotfire-server"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.8.0 and below update to version 10.8.1 or higher\nTIBCO Spotfire Server versions 7.11.9 and below update to version 7.11.10 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.3.5, and 10.3.6 update to version 10.3.7 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, and 10.8.0 update to version 10.8.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2020-9408",
"datePublished": "2020-03-11T19:55:12.878877Z",
"dateReserved": "2020-02-26T00:00:00",
"dateUpdated": "2024-09-16T22:30:59.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17336 (GCVE-0-2019-17336)
Vulnerability from nvd – Published: 2019-12-17 20:55 – Updated: 2024-09-17 02:06
VLAI?
Summary
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Severity ?
7.7 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker recovers credentials used to access Spotfire data sources.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
10.6.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker recovers credentials used to access Spotfire data sources.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:17",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17336",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.7"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.2.1"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker recovers credentials used to access Spotfire data sources."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17336",
"datePublished": "2019-12-17T20:55:18.061334Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-17T02:06:23.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17337 (GCVE-0-2019-17337)
Vulnerability from nvd – Published: 2019-12-17 20:55 – Updated: 2024-09-16 21:02
VLAI?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Severity ?
8.1 (High)
CWE
- The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
10.6.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:18",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17337",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.7"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.2.1"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17337",
"datePublished": "2019-12-17T20:55:18.595101Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T21:02:56.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17334 (GCVE-0-2019-17334)
Vulnerability from nvd – Published: 2019-12-17 20:55 – Updated: 2024-09-16 18:39
VLAI?
Summary
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.
Severity ?
7.6 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analyst |
Affected:
unspecified , ≤ 7.11.1
(custom)
Affected: 7.12.0 Affected: 7.13.0 Affected: 7.14.0 Affected: 10.0.0 Affected: 10.1.0 Affected: 10.2.0 Affected: 10.3.0 Affected: 10.3.1 Affected: 10.3.2 Affected: 10.4.0 Affected: 10.5.0 Affected: 10.6.0 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.457Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analyst",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Deployment Kit",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Desktop",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Desktop Language Packs",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:16",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17334",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analyst",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Deployment Kit",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Desktop Language Packs",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.1"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Visualizations component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that the attacker gains full control of the user account that accesses affected system."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analyst versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Analyst versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Analyst versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Desktop versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2 update to version 10.3.3 or higher\nTIBCO Spotfire Desktop versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.11.1 and below update to version 7.11.2 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17334",
"datePublished": "2019-12-17T20:55:17.037330Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T18:39:10.409Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17335 (GCVE-0-2019-17335)
Vulnerability from nvd – Published: 2019-12-17 20:55 – Updated: 2024-09-16 20:58
VLAI?
Summary
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Severity ?
5.3 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibility that the attacker could gain unauthorized access to data that other users have recently viewed.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
10.6.0
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:40:14.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.6.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
},
{
"status": "affected",
"version": "10.2.1"
},
{
"status": "affected",
"version": "10.3.0"
},
{
"status": "affected",
"version": "10.3.1"
},
{
"status": "affected",
"version": "10.3.2"
},
{
"status": "affected",
"version": "10.3.3"
},
{
"status": "affected",
"version": "10.3.4"
},
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
},
{
"status": "affected",
"version": "10.6.0"
}
]
}
],
"datePublic": "2019-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that the attacker could gain unauthorized access to data that other users have recently viewed.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-17T20:55:17",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-12-17T17:00:00Z",
"ID": "CVE-2019-17335",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "7.11.7"
},
{
"version_affected": "=",
"version_value": "7.12.0"
},
{
"version_affected": "=",
"version_value": "7.13.0"
},
{
"version_affected": "=",
"version_value": "7.14.0"
},
{
"version_affected": "=",
"version_value": "10.0.0"
},
{
"version_affected": "=",
"version_value": "10.0.1"
},
{
"version_affected": "=",
"version_value": "10.1.0"
},
{
"version_affected": "=",
"version_value": "10.2.0"
},
{
"version_affected": "=",
"version_value": "10.2.1"
},
{
"version_affected": "=",
"version_value": "10.3.0"
},
{
"version_affected": "=",
"version_value": "10.3.1"
},
{
"version_affected": "=",
"version_value": "10.3.2"
},
{
"version_affected": "=",
"version_value": "10.3.3"
},
{
"version_affected": "=",
"version_value": "10.3.4"
},
{
"version_affected": "=",
"version_value": "10.4.0"
},
{
"version_affected": "=",
"version_value": "10.5.0"
},
{
"version_affected": "=",
"version_value": "10.6.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Data access layer component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that the attacker could gain unauthorized access to data that other users have recently viewed."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17335"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-17335",
"datePublished": "2019-12-17T20:55:17.568949Z",
"dateReserved": "2019-10-07T00:00:00",
"dateUpdated": "2024-09-16T20:58:01.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11211 (GCVE-0-2019-11211)
Vulnerability from nvd – Published: 2019-09-18 22:21 – Updated: 2024-09-17 03:34
VLAI?
Summary
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0.
Severity ?
9.9 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
1.2.0 and below
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.046Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.2.0 and below"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
}
]
}
],
"datePublic": "2019-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T22:34:53",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address this issue:\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-09-17T16:00:00.000Z",
"ID": "CVE-2019-11211",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_value": "1.2.0 and below"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_value": "10.4.0"
},
{
"version_value": "10.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace 10.4.0; 10.5.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11211"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address this issue:\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11211",
"datePublished": "2019-09-18T22:21:04.828450Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-17T03:34:08.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11210 (GCVE-0-2019-11210)
Vulnerability from nvd – Published: 2019-09-18 22:20 – Updated: 2024-09-16 19:20
VLAI?
Summary
The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0.
Severity ?
10 (Critical)
CWE
- The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Enterprise Runtime for R - Server Edition |
Affected:
1.2.0 and below
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Enterprise Runtime for R - Server Edition",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "1.2.0 and below"
}
]
},
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "10.4.0"
},
{
"status": "affected",
"version": "10.5.0"
}
]
}
],
"datePublic": "2019-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-18T22:32:35",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher\n\nTo temporarily remediate this vulnerability, the machine hosting the affected component can be protected via a properly configured firewall. Use a configuration that limits access to only the TIBCO Spotfire Server and the TIBCO Spotfire Web Player."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-09-17T16:00:00.000Z",
"ID": "CVE-2019-11210",
"STATE": "PUBLIC",
"TITLE": "TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Enterprise Runtime for R - Server Edition",
"version": {
"version_data": [
{
"version_value": "1.2.0 and below"
}
]
}
},
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"version_value": "10.4.0"
},
{
"version_value": "10.5.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server component of TIBCO Software Inc.\u0027s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an attacker could gain full control of the operating system account hosting the affected component. In addition to the information flowing through the system, the exposed information might include secrets necessary to issue trusted requests to other TIBCO Spotfire servers."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/09/tibco-security-advisory-september-17-2019-tibco-enterprise-runtime-for-r-server-2019-11210"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected systems which address these issues.\n\nTIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below update to version 1.2.1 or higher\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4.0 and 10.5.0 update to version 10.5.1 or higher\n\nTo temporarily remediate this vulnerability, the machine hosting the affected component can be protected via a properly configured firewall. Use a configuration that limits access to only the TIBCO Spotfire Server and the TIBCO Spotfire Web Player."
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11210",
"datePublished": "2019-09-18T22:20:49.918344Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T19:20:22.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11205 (GCVE-0-2019-11205)
Vulnerability from nvd – Published: 2019-05-14 19:57 – Updated: 2024-09-17 00:05
VLAI?
Summary
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.
Severity ?
8.8 (High)
CWE
- The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
7.14.0
Affected: 7.14.1 Affected: 10.0.0 Affected: 10.0.1 Affected: 10.1.0 Affected: 10.2.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"name": "108384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108384"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "7.14.1"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-20T15:06:02",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"name": "108384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108384"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11205",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
},
{
"name": "108384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108384"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11205",
"datePublished": "2019-05-14T19:57:29.812575Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-17T00:05:43.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-11206 (GCVE-0-2019-11206)
Vulnerability from nvd – Published: 2019-05-14 19:57 – Updated: 2024-09-16 18:13
VLAI?
Summary
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0.
Severity ?
4.3 (Medium)
CWE
- The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment.
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace |
Affected:
unspecified , ≤ 10.2.0
(custom)
|
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"name": "108405",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "10.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "TIBCO Spotfire Server",
"vendor": "TIBCO Software Inc.",
"versions": [
{
"lessThanOrEqual": "7.11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.12.0"
},
{
"status": "affected",
"version": "7.13.0"
},
{
"status": "affected",
"version": "7.14.0"
},
{
"status": "affected",
"version": "10.0.0"
},
{
"status": "affected",
"version": "10.0.1"
},
{
"status": "affected",
"version": "10.1.0"
},
{
"status": "affected",
"version": "10.2.0"
}
]
}
],
"datePublic": "2019-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T07:06:01",
"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"shortName": "tibco"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.tibco.com/services/support/advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"name": "108405",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108405"
}
],
"solutions": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "USER"
},
"title": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11206",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "7.11.2"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.12.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.13.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.\u0027s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206",
"refsource": "MISC",
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
},
{
"name": "108405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108405"
}
]
},
"solution": [
{
"lang": "en",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db",
"assignerShortName": "tibco",
"cveId": "CVE-2019-11206",
"datePublished": "2019-05-14T19:57:29.852145Z",
"dateReserved": "2019-04-12T00:00:00",
"dateUpdated": "2024-09-16T18:13:40.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}