Security Advisory Regarding TIBCO Spotfire Statistics Services

Article ID: KB0108066

Products Versions
Spotfire Statistics Services 7.11.1 and below, 10.0.0

Description

TIBCO Spotfire Statistics Services Exposes Sensitive Files

  Original release date: May 14, 2019
  Last revised: --
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that might theoretically
  allow an authenticated user to access sensitive information needed by the
  Spotfire Statistics Services server. The sensitive information that might be
  affected includes database, JMX, LDAP, Windows service account, and user
  credentials.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  credentials for both the Spotfire Statistics Services server and other
  systems could be exposed.

  CVSS v3 Base Score: 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Environment

Systems Affected

  TIBCO Spotfire Statistics Services versions 7.11.1 and below
  TIBCO Spotfire Statistics Services version 10.0.0

  The following component is affected:

  * Web interface

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  TIBCO Spotfire Statistics Services versions 7.11.1 and below: update to
    version 7.11.2 or higher
  TIBCO Spotfire Statistics Services version 10.0.0: update to version 10.0.1
    or higher
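
  One way to triage an inventory against the version ranges above. This is an added example, not TIBCO code; the hostnames and the sample inventory are constructed, and the function names are hypothetical. Versions are compared numerically, because a string comparison would rank 7.9.0 above 7.11.2 and miss an affected host.

```python
# Added example (not TIBCO code): triage an inventory of Spotfire Statistics
# Services versions against the ranges stated in this advisory.
import re

FIXED_7X = (7, 11, 2)     # "7.11.1 and below" -> update to 7.11.2 or higher
AFFECTED_10 = (10, 0, 0)  # only 10.0.0 is listed -> update to 10.0.1 or higher


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a version."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(version_text):
    """Classify one version string as (status, minimum fixed version or None)."""
    v = parse_version(version_text)
    if v is None:
        return ("unknown", None)      # unparseable: needs manual review
    if v < FIXED_7X:                  # numeric tuple compare: 7.9.0 < 7.11.2
        return ("affected", "7.11.2")
    if v == AFFECTED_10:
        return ("affected", "10.0.1")
    return ("not listed", None)       # version is not named in this advisory


def triage_inventory(inventory):
    """Map each host to its triage result; inventory is {host: version}."""
    return {host: triage(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames).
SAMPLE = {
    "stats-a.example": "7.9.0",
    "stats-b.example": "7.11.2",
    "stats-c.example": "10.0.0",
    "stats-d.example": "10.0.1",
    "stats-e.example": "unknown-build",
}

if __name__ == "__main__":
    for host, (status, target) in triage_inventory(SAMPLE).items():
        note = f", update to {target} or higher" if target else ""
        print(f"{host}: {status}{note}")
```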

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2019-11204