FKIE_CVE-2015-5713

Vulnerability from fkie_nvd - Published: 2015-10-28 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.
References
cve@mitre.orghttp://www.securitytracker.com/id/1034011
cve@mitre.orghttp://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txtVendor Advisory
cve@mitre.orghttp://www.tibco.com/mk/advisory.jspVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034011
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.tibco.com/mk/advisory.jspVendor Advisory
Impacted products
Vendor Product Version
tibco spotfire_server 5.5.0
tibco spotfire_server 5.5.1
tibco spotfire_server 5.5.2
tibco spotfire_server 5.5.3
tibco spotfire_server 6.0.0
tibco spotfire_server 6.0.1
tibco spotfire_server 6.0.2
tibco spotfire_server 6.0.3
tibco spotfire_server 6.0.4
tibco spotfire_server 6.5.0
tibco spotfire_server 6.5.1
tibco spotfire_server 6.5.2
tibco spotfire_server 6.5.3
tibco spotfire_server 7.0.0
tibco spotfire_analytics_platform_for_aws *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A25EDFEF-5AB5-4416-9DA1-CD5F09E7D2F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2566DD9-FAD8-4C81-9555-035CE303EDA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA577FFE-3D95-4824-88FE-41F4A6431B81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BE49169-F96D-43BE-97FF-267B3DCA1389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A424AA69-6047-4C18-B34A-CF6900E49C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "136549C9-317D-455D-870B-9DEB8972C837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B36BAD00-5EDC-4961-926F-6C3BBF3BCBA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "90096070-D473-403A-9E09-504D307450E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "335DE877-4B6B-4F34-8EE0-7638CBCCFE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8E1E236-1CE2-4A0E-8733-B0F515F1CF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A256A7E-80A2-4F5F-844D-1953DB23E714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4159019F-8982-40DB-A13C-37BF48473653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:6.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FCC5CB2-4BE7-428F-9A84-B19C51DFDA19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_server:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84EC1E4C-EA97-4892-BD26-23690194F693",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55798DF6-3619-495B-89F1-3B5BC6BFC0C7",
              "versionEndIncluding": "7.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL."
    },
    {
      "lang": "es",
      "value": "Spotfire Parsing Library y Spotfire Security Filter en TIBCO Spotfire Server 5.5.x en versiones anteriores a 5.5.4, 6.0.x en versiones anteriores a 6.0.5, 6.5.x en versiones anteriores a 6.5.4 y 7.0.x en versiones anteriores a 7.0.1 y Spotfire Analytics Platform en versiones anteriores a 7.0.2 para AWS Marketplace permiten a atacantes remotos obtener informaci\u00f3n de log sensible visitando una URL no especificada."
    }
  ],
  "id": "CVE-2015-5713",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-10-28T10:59:09.997",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1034011"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/mk/advisory.jsp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034011"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.tibco.com/mk/advisory.jsp"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.