Security Advisory Regarding Spotfire Authentication

Article ID: KB0108087

Updated On:

Products: Spotfire Server
Versions: 7.10.1 and below, 7.11.0 and 7.11.1, 7.12.0, 7.13.0, and 7.14.0

Description

TIBCO Spotfire Authentication Vulnerability

  Original release date: January 16, 2019
  Last revised: --
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability in its handling of
  authentication that theoretically may allow an attacker to gain full access
  to a target account, independent of configured authentication mechanisms.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  an unauthenticated attacker could gain administrative access to the web
  interface of the affected component.

  CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
 

Issue/Introduction

TIBCO Spotfire Authentication Vulnerability

Environment

Systems Affected

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and
    below
  TIBCO Spotfire Server versions 7.10.1 and below
  TIBCO Spotfire Server versions 7.11.0 and 7.11.1
  TIBCO Spotfire Server versions 7.12.0, 7.13.0, and 7.14.0

  The following components are affected:

    * TIBCO Spotfire authentication

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and
    below update to version 10.0.1 or higher
  TIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or
    higher
  TIBCO Spotfire Server versions 7.11.0 and 7.11.1 update to version 7.11.2 or
    higher
  TIBCO Spotfire Server versions 7.12.0, 7.13.0, and 7.14.0 update to
    version 10.0.0 or higher
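
An inventory check built from the version mapping above, as an added example (not TIBCO code). The host names and inventory are constructed and the function names are hypothetical; a result of None means only that the version is not listed as affected in this advisory.

```python
import re

SERVER = "TIBCO Spotfire Server"
AWS = "TIBCO Spotfire Analytics Platform for AWS Marketplace"

def parse_version(text):
    """Turn '7.11.1' into (7, 11, 1); a missing patch level counts as 0."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def minimum_fixed_version(product, version):
    """Return the advisory's minimum fixed version, or None if not listed as affected."""
    v = parse_version(version)
    if product == AWS:
        return "10.0.1" if v <= (10, 0, 0) else None
    if product == SERVER:
        if v <= (7, 10, 1):                            # "7.10.1 and below"
            return "7.10.2"
        if v in {(7, 11, 0), (7, 11, 1)}:
            return "7.11.2"
        if v in {(7, 12, 0), (7, 13, 0), (7, 14, 0)}:  # no fix in these branches
            return "10.0.0"
        return None
    raise ValueError(f"product not covered by this advisory: {product!r}")

def triage(inventory):
    """Return (host, installed, minimum_fixed) for every affected entry."""
    findings = []
    for host, product, version in inventory:
        fixed = minimum_fixed_version(product, version)
        if fixed is not None:
            findings.append((host, version, fixed))
    return findings

# Constructed sample inventory: (host, product, installed version).
INVENTORY = [
    ("bi-prod-01", SERVER, "7.11.1"),
    ("bi-prod-02", SERVER, "7.11.2"),
    ("bi-dr-01", SERVER, "7.14.0"),
    ("bi-legacy", SERVER, "7.9.1"),
    ("bi-aws-01", AWS, "10.0.0"),
    ("bi-aws-02", AWS, "10.0.1"),
]

if __name__ == "__main__":
    for host, installed, fixed in triage(INVENTORY):
        print(f"{host}: {installed} is affected, update to {fixed} or higher")
```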

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2018-18814