TIBCO Spotfire vulnerabilities
Article ID: KB0108144
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | - |
| Spotfire Automation Services | - |
| Not Applicable | - |
Description
Description:
TIBCO Spotfire vulnerabilities
Original release date: April 9, 2014
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Server 3.3.3 and below
TIBCO Spotfire Server 4.5.0
TIBCO Spotfire Server 5.0.0 and 5.0.1
TIBCO Spotfire Server 5.5.0
TIBCO Spotfire Server 6.0.0 and 6.0.1
TIBCO Spotfire Professional 4.0.3 and below
TIBCO Spotfire Professional 4.5.0 and 4.5.1
TIBCO Spotfire Professional 5.0.0 and 5.0.1
TIBCO Spotfire Professional 5.5.0
TIBCO Spotfire Professional 6.0.0
TIBCO Spotfire Web Player 4.0.3 and below
TIBCO Spotfire Web Player 4.5.0 and 4.5.1
TIBCO Spotfire Web Player 5.0.0 and 5.0.1
TIBCO Spotfire Web Player 5.5.0
TIBCO Spotfire Web Player 6.0.0
TIBCO Spotfire Automation Services 4.0.3 and below
TIBCO Spotfire Automation Services 4.5.0 and 4.5.1
TIBCO Spotfire Automation Services 5.0.0 and 5.0.1
TIBCO Spotfire Automation Services 5.5.0
TIBCO Spotfire Automation Services 6.0.0
TIBCO Spotfire Deployment Kit 4.0.3 and below
TIBCO Spotfire Deployment Kit 4.5.0 and 4.5.1
TIBCO Spotfire Deployment Kit 5.0.0 and 5.0.1
TIBCO Spotfire Deployment Kit 5.5.0
TIBCO Spotfire Deployment Kit 6.0.0
TIBCO Spotfire Desktop 6.0.0 and below
TIBCO Spotfire Analyst 6.0.0 and below
The following components are affected:
* TIBCO Spotfire Web Player Engine
* TIBCO Spotfire Desktop
* TIBCO Spotfire Server Authentication Module
Description
The TIBCO Spotfire components listed above contain a critical vulnerability
which could allow an attacker to execute arbitrary code.
TIBCO has released updated versions of the affected software products
which address these issues. TIBCO strongly recommends sites running the
affected components install the applicable update as described below.
Impact
The impact of these vulnerabilities may include information disclosure,
information modification, or arbitrary code execution.
Solution
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Server 3.3.X version 3.3.4 or higher
TIBCO Spotfire Server 4.5.X version 4.5.1 or higher
TIBCO Spotfire Server 5.0.X version 5.0.2 or higher
TIBCO Spotfire Server 5.5.X version 5.5.1 or higher
TIBCO Spotfire Server 6.0.2 or higher
TIBCO Spotfire Professional 4.0.X version 4.0.4 or higher
TIBCO Spotfire Professional 4.5.X version 4.5.2 or higher
TIBCO Spotfire Professional 5.0.X version 5.0.2 or higher
TIBCO Spotfire Professional 5.5.X version 5.5.1 or higher
TIBCO Spotfire Professional 6.0.1 or higher
TIBCO Spotfire Web Player 4.0.X version 4.0.4 or higher
TIBCO Spotfire Web Player 4.5.X version 4.5.2 or higher
TIBCO Spotfire Web Player 5.0.X version 5.0.2 or higher
TIBCO Spotfire Web Player 5.5.X version 5.5.1 or higher
TIBCO Spotfire Web Player 6.0.1 or higher
TIBCO Spotfire Automation Services 4.0.X version 4.0.4 or higher
TIBCO Spotfire Automation Services 4.5.X version 4.5.2 or higher
TIBCO Spotfire Automation Services 5.0.X version 5.0.2 or higher
TIBCO Spotfire Automation Services 5.5.X version 5.5.1 or higher
TIBCO Spotfire Automation Services 6.0.1 or higher
TIBCO Spotfire Deployment Kit 4.0.X version 4.0.4 or higher
TIBCO Spotfire Deployment Kit 4.5.X version 4.5.2 or higher
TIBCO Spotfire Deployment Kit 5.0.X version 5.0.2 or higher
TIBCO Spotfire Deployment Kit 5.5.X version 5.5.1 or higher
TIBCO Spotfire Deployment Kit 6.0.1 or higher
TIBCO Spotfire Desktop 6.0.1 or higher
TIBCO Spotfire Analyst 6.0.1 or higher
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2014-2544
Environment
Issue/Introduction
Feedback
