Security Advisory Regarding TIBCO Spotfire Server
Article ID: KB0108068
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 |
Description
TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting
Vulnerabilities
Original release date: May 14, 2019
Last revised: --
Source: TIBCO Software Inc.
Description
The component listed above contains vulnerabilities that theoretically allow
reflected cross-site scripting (XSS) attacks.
Impact
The impact of this vulnerability includes the theoretical possibility that
an unauthenticated attacker could gain administrative access to the web
interface of the affected component.
CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A
Environment
Systems Affected
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and
below
TIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0
The following component is affected:
* web server
Resolution
Solution
TIBCO has released updated versions of the affected components which address
these issues.
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and
below update to 10.3.0 or higher
TIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0
update to 10.2.1 or higher
TIBCO has released updated versions of the affected components which address
these issues.
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and
below update to 10.3.0 or higher
TIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0
update to 10.2.1 or higher
Issue/Introduction
TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting
Vulnerabilities
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2019-11205
CVE-2019-11205
Feedback
Yes
No
Powered by
