Security Advisory for TIBCO Spotfire
Article ID: KB0108186
Updated On:
| Products | Versions |
|---|---|
| Spotfire Analyst | - |
| Not Applicable | - |
Description
Description:
TIBCO Spotfire vulnerabilities
Original release date: Mar 8, 2012
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Analytics Server below 10.1.2
TIBCO Spotfire Server below 3.1.3
TIBCO Spotfire Server 3.2.X versions below 3.2.2
TIBCO Spotfire Server 3.3.X versions below 3.3.3
TIBCO Spotfire Web Player below 3.1.1
TIBCO Spotfire Web Player 3.2.X versions below 3.2.2
TIBCO Spotfire Web Player 3.3.X versions below 3.3.2
TIBCO Spotfire Web Player 4.0.X versions below 4.0.2
TIBCO Spotfire Automation Services below 3.1.1
TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2
TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2
TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2
TIBCO Spotfire Professional below 3.1.1
TIBCO Spotfire Professional 3.2.x versions below 3.2.2
TIBCO Spotfire Professional 3.3.x versions below 3.3.2
TIBCO Spotfire Professional 4.0.x versions below 4.0.2
The following components are affected:
* TIBCO Spotfire Web Application
* TIBCO Spotfire Web Player Application
* TIBCO Spotfire Automation Services Application
* TIBCO Spotfire Analytics Client Application
Description
The TIBCO Spotfire components listed above are affected by the
following critical vulnerability:
CVE-2012-0690 - Carefully crafted URLs may result in information
disclosure.
TIBCO has released updated versions of the affected components which
address this issue. TIBCO strongly recommends sites running the affected
components to install the applicable update as described below.
Impact
The impact of these vulnerabilities may include information modification,
information disclosure, and denial of service.
Solution
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Analytics Server version 10.1.2 or higher
TIBCO Spotfire Server 3.1.X version 3.1.3 or higher
TIBCO Spotfire Server 3.2.X version 3.2.2 or higher
TIBCO Spotfire Server 3.3.3 or higher
TIBCO Spotfire Web Player 3.1.X version 3.1.1 or higher
TIBCO Spotfire Web Player 3.2.X version 3.2.2 or higher
TIBCO Spotfire Web Player 3.3.X version 3.3.2 or higher
TIBCO Spotfire Web Player 4.0.2 or higher
TIBCO Spotfire Automation Services 3.1.X version 3.1.1 or higher
TIBCO Spotfire Automation Services 3.2.X version 3.2.2 or higher
TIBCO Spotfire Automation Services 3.3.X version 3.3.2 or higher
TIBCO Spotfire Automation Services 4.0.2 or higher
TIBCO Spotfire Professional 3.1.X version 3.1.1 or higher
TIBCO Spotfire Professional 3.2.X version 3.2.2 or higher
TIBCO Spotfire Professional 3.3.X version 3.3.2 or higher
TIBCO Spotfire Professional 4.0.2 or higher
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2012-0690
Environment
Resolution
Original release date: Mar 8, 2012
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Analytics Server below 10.1.2
TIBCO Spotfire Server below 3.1.3
TIBCO Spotfire Server 3.2.X versions below 3.2.2
TIBCO Spotfire Server 3.3.X versions below 3.3.3
TIBCO Spotfire Web Player below 3.1.1
TIBCO Spotfire Web Player 3.2.X versions below 3.2.2
TIBCO Spotfire Web Player 3.3.X versions below 3.3.2
TIBCO Spotfire Web Player 4.0.X versions below 4.0.2
TIBCO Spotfire Automation Services below 3.1.1
TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2
TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2
TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2
TIBCO Spotfire Professional below 3.1.1
TIBCO Spotfire Professional 3.2.x versions below 3.2.2
TIBCO Spotfire Professional 3.3.x versions below 3.3.2
TIBCO Spotfire Professional 4.0.x versions below 4.0.2
The following components are affected:
* TIBCO Spotfire Web Application
* TIBCO Spotfire Web Player Application
* TIBCO Spotfire Automation Services Application
* TIBCO Spotfire Analytics Client Application
Description
The TIBCO Spotfire components listed above are affected by the
following critical vulnerability:
CVE-2012-0690 - Carefully crafted URLs may result in information
disclosure.
TIBCO has released updated versions of the affected components which
address this issue. TIBCO strongly recommends sites running the affected
components to install the applicable update as described below.
Impact
The impact of these vulnerabilities may include information modification,
information disclosure, and denial of service.
Solution
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Analytics Server version 10.1.2 or higher
TIBCO Spotfire Server 3.1.X version 3.1.3 or higher
TIBCO Spotfire Server 3.2.X version 3.2.2 or higher
TIBCO Spotfire Server 3.3.3 or higher
TIBCO Spotfire Web Player 3.1.X version 3.1.1 or higher
TIBCO Spotfire Web Player 3.2.X version 3.2.2 or higher
TIBCO Spotfire Web Player 3.3.X version 3.3.2 or higher
TIBCO Spotfire Web Player 4.0.2 or higher
TIBCO Spotfire Automation Services 3.1.X version 3.1.1 or higher
TIBCO Spotfire Automation Services 3.2.X version 3.2.2 or higher
TIBCO Spotfire Automation Services 3.3.X version 3.3.2 or higher
TIBCO Spotfire Automation Services 4.0.2 or higher
TIBCO Spotfire Professional 3.1.X version 3.1.1 or higher
TIBCO Spotfire Professional 3.2.X version 3.2.2 or higher
TIBCO Spotfire Professional 3.3.X version 3.3.2 or higher
TIBCO Spotfire Professional 4.0.2 or higher
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2012-0690
Issue/Introduction
Feedback
