TIBCO Spotfire vulnerabilities

Article ID: KB0108144

Products

Spotfire Server

Description


   Original release date: April 9, 2014
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected
   TIBCO Spotfire Server 3.3.3 and below
   TIBCO Spotfire Server 4.5.0
   TIBCO Spotfire Server 5.0.0 and 5.0.1
   TIBCO Spotfire Server 5.5.0
   TIBCO Spotfire Server 6.0.0 and 6.0.1

   TIBCO Spotfire Professional 4.0.3 and below
   TIBCO Spotfire Professional 4.5.0 and 4.5.1
   TIBCO Spotfire Professional 5.0.0 and 5.0.1
   TIBCO Spotfire Professional 5.5.0
   TIBCO Spotfire Professional 6.0.0

   TIBCO Spotfire Web Player 4.0.3 and below
   TIBCO Spotfire Web Player 4.5.0 and 4.5.1
   TIBCO Spotfire Web Player 5.0.0 and 5.0.1
   TIBCO Spotfire Web Player 5.5.0
   TIBCO Spotfire Web Player 6.0.0

   TIBCO Spotfire Automation Services 4.0.3 and below
   TIBCO Spotfire Automation Services 4.5.0 and 4.5.1
   TIBCO Spotfire Automation Services 5.0.0 and 5.0.1
   TIBCO Spotfire Automation Services 5.5.0
   TIBCO Spotfire Automation Services 6.0.0

   TIBCO Spotfire Deployment Kit 4.0.3 and below
   TIBCO Spotfire Deployment Kit 4.5.0 and 4.5.1
   TIBCO Spotfire Deployment Kit 5.0.0 and 5.0.1
   TIBCO Spotfire Deployment Kit 5.5.0
   TIBCO Spotfire Deployment Kit 6.0.0

   TIBCO Spotfire Desktop 6.0.0 and below

   TIBCO Spotfire Analyst 6.0.0 and below

   The following components are affected:

     * TIBCO Spotfire Web Player Engine
     * TIBCO Spotfire Desktop
     * TIBCO Spotfire Server Authentication Module

Description

   The TIBCO Spotfire components listed above contain a critical vulnerability
   which could allow an attacker to execute arbitrary code.

   TIBCO has released updated versions of the affected software products
   which address these issues.  TIBCO strongly recommends sites running the
   affected components install the applicable update as described below.

Impact

   The impact of these vulnerabilities may include information disclosure,
   information modification, or arbitrary code execution.

Solution

   For each affected system, update to the corresponding software versions:
 
   TIBCO Spotfire Server 3.3.X version 3.3.4 or higher
   TIBCO Spotfire Server 4.5.X version 4.5.1 or higher
   TIBCO Spotfire Server 5.0.X version 5.0.2 or higher
   TIBCO Spotfire Server 5.5.X version 5.5.1 or higher
   TIBCO Spotfire Server 6.0.2 or higher

   TIBCO Spotfire Professional 4.0.X version 4.0.4 or higher
   TIBCO Spotfire Professional 4.5.X version 4.5.2 or higher
   TIBCO Spotfire Professional 5.0.X version 5.0.2 or higher
   TIBCO Spotfire Professional 5.5.X version 5.5.1 or higher
   TIBCO Spotfire Professional 6.0.1 or higher

   TIBCO Spotfire Web Player 4.0.X version 4.0.4 or higher
   TIBCO Spotfire Web Player 4.5.X version 4.5.2 or higher
   TIBCO Spotfire Web Player 5.0.X version 5.0.2 or higher
   TIBCO Spotfire Web Player 5.5.X version 5.5.1 or higher
   TIBCO Spotfire Web Player 6.0.1 or higher

   TIBCO Spotfire Automation Services 4.0.X version 4.0.4 or higher
   TIBCO Spotfire Automation Services 4.5.X version 4.5.2 or higher
   TIBCO Spotfire Automation Services 5.0.X version 5.0.2 or higher
   TIBCO Spotfire Automation Services 5.5.X version 5.5.1 or higher
   TIBCO Spotfire Automation Services 6.0.1 or higher

   TIBCO Spotfire Deployment Kit 4.0.X version 4.0.4 or higher
   TIBCO Spotfire Deployment Kit 4.5.X version 4.5.2 or higher
   TIBCO Spotfire Deployment Kit 5.0.X version 5.0.2 or higher
   TIBCO Spotfire Deployment Kit 5.5.X version 5.5.1 or higher
   TIBCO Spotfire Deployment Kit 6.0.1 or higher

   TIBCO Spotfire Desktop 6.0.1 or higher

   TIBCO Spotfire Analyst 6.0.1 or higher
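
   An added example, not part of TIBCO's advisory: a Python check that
   classifies installed versions against the fixed releases listed above.
   The inventory and host names are constructed, and reporting a branch the
   advisory does not list (for example Server 4.0.x) as "unlisted" rather
   than safe is an assumption of this example.

```python
import re

# Minimum fixed release per branch, transcribed from the Solution section.
SERVER = {(3, 3): (3, 3, 4), (4, 5): (4, 5, 1), (5, 0): (5, 0, 2),
          (5, 5): (5, 5, 1), (6, 0): (6, 0, 2)}
CLIENT = {(4, 0): (4, 0, 4), (4, 5): (4, 5, 2), (5, 0): (5, 0, 2),
          (5, 5): (5, 5, 1), (6, 0): (6, 0, 1)}
SINGLE = {(6, 0): (6, 0, 1)}
FIXES = {"Server": SERVER, "Professional": CLIENT, "Web Player": CLIENT,
         "Automation Services": CLIENT, "Deployment Kit": CLIENT,
         "Desktop": SINGLE, "Analyst": SINGLE}

def parse_version(text):
    """Return (major, minor, patch); extra build fields are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def assess(product, version):
    """Return (status, minimum fixed version or None) for one install."""
    table = FIXES[product]  # KeyError: product not named in the advisory
    v = parse_version(version)
    branch = v[:2]
    if branch in table:
        fix = table[branch]
        return ("affected" if v < fix else "fixed", fix)
    if branch < min(table):   # "and below": older branches are affected
        return ("affected", table[min(table)])
    if branch > max(table):   # "or higher" on the newest listed branch
        return ("fixed", table[max(table)])
    return ("unlisted", None)  # assumption: gap branches need manual review

def needs_action(inventory):
    """Return rows that are affected or unlisted, with the target version."""
    rows = []
    for host, product, version in inventory:
        status, fix = assess(product, version)
        if status != "fixed":
            target = ".".join(map(str, fix)) if fix else "review manually"
            rows.append((host, product, version, status, target))
    return rows

# Constructed inventory; host names are placeholders.
INVENTORY = [("bi-srv-01", "Server", "4.5.0"), ("bi-srv-02", "Server", "6.0.2"),
             ("bi-web-01", "Web Player", "4.5.1"), ("bi-srv-03", "Server", "4.0.2"),
             ("ws-114", "Desktop", "5.5.0")]

if __name__ == "__main__":
    for row in needs_action(INVENTORY):
        print(*row, sep="\t")
```

   Note that the fixed patch level differs by product within the same
   branch: Server 4.5.1 is fixed, while Web Player 4.5.1 is still affected.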

References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2014-2544

Environment

All