Search criteria
12 vulnerabilities found for spotfire_analytics_server by tibco
FKIE_CVE-2012-0690
Vulnerability from fkie_nvd - Published: 2012-03-13 10:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_server | 10.0.0 | |
| tibco | spotfire_analytics_server | 10.0.1 | |
| tibco | spotfire_server | 3.0.0 | |
| tibco | spotfire_server | 3.0.1 | |
| tibco | spotfire_server | 3.1.0 | |
| tibco | spotfire_server | 3.1.1 | |
| tibco | spotfire_server | 3.2.0 | |
| tibco | spotfire_server | 3.3.0 | |
| tibco | web_player_automation_services | * | |
| tibco | spotfire_professional | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B311C43-60C3-48FD-8D15-011494976DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:10.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B689CE85-479E-4A1D-A93D-6BA50151EEB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAD01FF-01E7-4227-85A7-151710F09C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53A8389F-EF56-4AE8-A6E7-1FD27909841E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB808329-4833-44E6-8899-7ACC595A7532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287F7473-7880-47E4-AAD5-3F0893451B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B26AB0F6-0A8E-42CE-9D01-54567C73AE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A54C6A5-827C-4FD3-A102-E6400A4A9DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:web_player_automation_services:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69B18A65-F5A4-4288-A9FB-22752CBEC520",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_professional:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E316D976-EF8F-4DB4-904A-025DD01F9160",
"versionEndIncluding": "4.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL."
},
{
"lang": "es",
"value": "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, y Analytics Client Application de Spotfire Analytics Server anteriores a 10.1.2; Server anteriores a 3.3.3; y Web Player, Automation Services, y Professional anteriores a 4.0.2 permiten a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de una URL modificada."
}
],
"id": "CVE-2012-0690",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-03-13T10:55:01.150",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3133
Vulnerability from fkie_nvd - Published: 2011-09-02 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_server | * | |
| tibco | spotfire_analytics_server | 10.0.0 | |
| tibco | spotfire_server | 3.0.0 | |
| tibco | spotfire_server | 3.0.1 | |
| tibco | spotfire_server | 3.1.0 | |
| tibco | spotfire_server | 3.1.1 | |
| tibco | spotfire_server | 3.2.0 | |
| tibco | spotfire_server | 3.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8B38CE-0977-4B25-B706-58F6F4837040",
"versionEndIncluding": "10.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B311C43-60C3-48FD-8D15-011494976DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAD01FF-01E7-4227-85A7-151710F09C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53A8389F-EF56-4AE8-A6E7-1FD27909841E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB808329-4833-44E6-8899-7ACC595A7532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287F7473-7880-47E4-AAD5-3F0893451B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B26AB0F6-0A8E-42CE-9D01-54567C73AE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A54C6A5-827C-4FD3-A102-E6400A4A9DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de tipo session fixation en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos secuestrar sesiones web a traves de vectores no especificados."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/384.html\r\n\u0027CWE-384: Session Fixation\u0027",
"id": "CVE-2011-3133",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-02T16:55:06.803",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45864"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3132
Vulnerability from fkie_nvd - Published: 2011-09-02 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_server | * | |
| tibco | spotfire_analytics_server | 10.0.0 | |
| tibco | spotfire_server | 3.0.0 | |
| tibco | spotfire_server | 3.0.1 | |
| tibco | spotfire_server | 3.1.0 | |
| tibco | spotfire_server | 3.1.1 | |
| tibco | spotfire_server | 3.2.0 | |
| tibco | spotfire_server | 3.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8B38CE-0977-4B25-B706-58F6F4837040",
"versionEndIncluding": "10.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B311C43-60C3-48FD-8D15-011494976DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAD01FF-01E7-4227-85A7-151710F09C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53A8389F-EF56-4AE8-A6E7-1FD27909841E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB808329-4833-44E6-8899-7ACC595A7532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287F7473-7880-47E4-AAD5-3F0893451B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B26AB0F6-0A8E-42CE-9D01-54567C73AE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A54C6A5-827C-4FD3-A102-E6400A4A9DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos inyectar secuencias de comandos web y HTML a traves de vectores no especificados."
}
],
"id": "CVE-2011-3132",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-02T16:55:06.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45864"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3134
Vulnerability from fkie_nvd - Published: 2011-09-02 16:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| tibco | spotfire_analytics_server | * | |
| tibco | spotfire_analytics_server | 10.0.0 | |
| tibco | spotfire_server | 3.0.0 | |
| tibco | spotfire_server | 3.0.1 | |
| tibco | spotfire_server | 3.1.0 | |
| tibco | spotfire_server | 3.1.1 | |
| tibco | spotfire_server | 3.2.0 | |
| tibco | spotfire_server | 3.3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD8B38CE-0977-4B25-B706-58F6F4837040",
"versionEndIncluding": "10.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_analytics_server:10.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B311C43-60C3-48FD-8D15-011494976DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5EAD01FF-01E7-4227-85A7-151710F09C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53A8389F-EF56-4AE8-A6E7-1FD27909841E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB808329-4833-44E6-8899-7ACC595A7532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "287F7473-7880-47E4-AAD5-3F0893451B47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B26AB0F6-0A8E-42CE-9D01-54567C73AE2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tibco:spotfire_server:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A54C6A5-827C-4FD3-A102-E6400A4A9DC5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en TIBICO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, y Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos modificar datos y obtener informacion sensible a trav\u00e9s de una URL modificada"
}
],
"id": "CVE-2011-3134",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-09-02T16:55:06.850",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45864"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/45864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2012-0690 (GCVE-0-2012-0690)
Vulnerability from cvelistv5 – Published: 2012-03-13 10:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-13T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0690",
"datePublished": "2012-03-13T10:00:00Z",
"dateReserved": "2012-01-12T00:00:00Z",
"dateUpdated": "2024-09-17T01:41:36.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3134 (GCVE-0-2011-3134)
Vulnerability from cvelistv5 – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3134",
"datePublished": "2011-09-02T16:00:00",
"dateReserved": "2011-08-11T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3133 (GCVE-0-2011-3133)
Vulnerability from cvelistv5 – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3133",
"datePublished": "2011-09-02T16:00:00",
"dateReserved": "2011-08-11T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3132 (GCVE-0-2011-3132)
Vulnerability from cvelistv5 – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3132",
"datePublished": "2011-09-02T16:00:00",
"dateReserved": "2011-08-11T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0690 (GCVE-0-2012-0690)
Vulnerability from nvd – Published: 2012-03-13 10:00 – Updated: 2024-09-17 01:41
VLAI?
Summary
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.991Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-03-13T10:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0690",
"datePublished": "2012-03-13T10:00:00Z",
"dateReserved": "2012-01-12T00:00:00Z",
"dateUpdated": "2024-09-17T01:41:36.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3134 (GCVE-0-2011-3134)
Vulnerability from nvd – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3134",
"datePublished": "2011-09-02T16:00:00",
"dateReserved": "2011-08-11T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3133 (GCVE-0-2011-3133)
Vulnerability from nvd – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.616Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3133",
"datePublished": "2011-09-02T16:00:00",
"dateReserved": "2011-08-11T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.616Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3132 (GCVE-0-2011-3132)
Vulnerability from nvd – Published: 2011-09-02 16:00 – Updated: 2024-08-06 23:22
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:22:27.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-23T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/45864"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3132",
"datePublished": "2011-09-02T16:00:00",
"dateReserved": "2011-08-11T00:00:00",
"dateUpdated": "2024-08-06T23:22:27.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}