Security Advisory for TIBCO Spotfire Server
Article ID: KB0108122
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.0.0, 7.0.1, 7.5.0,7.5.1,7.6.0,7.7.0,7.8.0 |
Description
TIBCO Spotfire injection vulnerabilities
Original release date: May 9, 2017
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Server 7.0.0
TIBCO Spotfire Server 7.0.1
TIBCO Spotfire Server 7.5.0
TIBCO Spotfire Server 7.6.0
TIBCO Spotfire Server 7.7.0
TIBCO Spotfire Server 7.8.0
The following components are affected:
* TIBCO Spotfire Server
Description
The Spotfire components listed above contain multiple vulnerabilities which
may allow authorized users to perform SQL injection attacks.
Impact
The impact of this vulnerability includes the theoretical disclosure of
confidential data.
CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Environment
all platforms
Resolution
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Server 7.0.X version 7.0.2 or higher
TIBCO Spotfire Server 7.5.0 version 7.5.1 or higher
TIBCO Spotfire Server 7.6.0 version 7.6.1 or higher
TIBCO Spotfire Server 7.7.0 version 7.7.1 or higher
TIBCO Spotfire Server 7.8.0 version 7.8.1 or higher
Issue/Introduction
Security Advisory for TIBCO Spotfire Server
Additional Information
http://www.tibco.com/services/support/advisories
CVE: CVE-2017-5527
CVE: CVE-2017-5527
Feedback
Yes
No
Powered by
