Original release date: April 9, 2014 Last revised: -- Source: TIBCO Software Inc.
Systems Affected TIBCO Spotfire Server 3.3.3 and below TIBCO Spotfire Server 4.5.0 TIBCO Spotfire Server 5.0.0 and 5.0.1 TIBCO Spotfire Server 5.5.0 TIBCO Spotfire Server 6.0.0 and 6.0.1
TIBCO Spotfire Professional 4.0.3 and below TIBCO Spotfire Professional 4.5.0 and 4.5.1 TIBCO Spotfire Professional 5.0.0 and 5.0.1 TIBCO Spotfire Professional 5.5.0 TIBCO Spotfire Professional 6.0.0
TIBCO Spotfire Web Player 4.0.3 and below TIBCO Spotfire Web Player 4.5.0 and 4.5.1 TIBCO Spotfire Web Player 5.0.0 and 5.0.1 TIBCO Spotfire Web Player 5.5.0 TIBCO Spotfire Web Player 6.0.0
* TIBCO Spotfire Web Player Engine * TIBCO Spotfire Desktop * TIBCO Spotfire Server Authentication Module
Description
The TIBCO Spotfire components listed above contain a critical vulnerability which could allow an attacker to execute arbitrary code.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
Impact
The impact of these vulnerabilities may include information disclosure, information modification, or arbitrary code execution.
Solution
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Server 3.3.X version 3.3.4 or higher TIBCO Spotfire Server 4.5.X version 4.5.1 or higher TIBCO Spotfire Server 5.0.X version 5.0.2 or higher TIBCO Spotfire Server 5.5.X version 5.5.1 or higher TIBCO Spotfire Server 6.0.2 or higher
TIBCO Spotfire Professional 4.0.X version 4.0.4 or higher TIBCO Spotfire Professional 4.5.X version 4.5.2 or higher TIBCO Spotfire Professional 5.0.X version 5.0.2 or higher TIBCO Spotfire Professional 5.5.X version 5.5.1 or higher TIBCO Spotfire Professional 6.0.1 or higher
TIBCO Spotfire Web Player 4.0.X version 4.0.4 or higher TIBCO Spotfire Web Player 4.5.X version 4.5.2 or higher TIBCO Spotfire Web Player 5.0.X version 5.0.2 or higher TIBCO Spotfire Web Player 5.5.X version 5.5.1 or higher TIBCO Spotfire Web Player 6.0.1 or higher
TIBCO Spotfire Automation Services 4.0.X version 4.0.4 or higher TIBCO Spotfire Automation Services 4.5.X version 4.5.2 or higher TIBCO Spotfire Automation Services 5.0.X version 5.0.2 or higher TIBCO Spotfire Automation Services 5.5.X version 5.5.1 or higher TIBCO Spotfire Automation Services 6.0.1 or higher
TIBCO Spotfire Deployment Kit 4.0.X version 4.0.4 or higher TIBCO Spotfire Deployment Kit 4.5.X version 4.5.2 or higher TIBCO Spotfire Deployment Kit 5.0.X version 5.0.2 or higher TIBCO Spotfire Deployment Kit 5.5.X version 5.5.1 or higher TIBCO Spotfire Deployment Kit 6.0.1 or higher