Security Advisory Regarding Spotfire Web server

Article ID: KB0108088

Product Versions
Spotfire Server 7.10.1 and below, 7.11.0 and 7.11.1, 7.12.0, 7.13.0, 7.14.0, and 10.0.0

Description

TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities

  Original release date: January 16, 2019
  Last revised: --
  Source: TIBCO Software Inc.

Description

  The component listed above contains multiple vulnerabilities that may allow
  persistent and reflected cross-site scripting attacks.

Impact

  The impact of this vulnerability includes the theoretical possibility that
  an unauthenticated attacker could perform administrative functions provided
  by the web interface of the affected component.

  CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Issue/Introduction

TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities

Environment

Systems Affected

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below
  TIBCO Spotfire Server versions 7.10.1 and below
  TIBCO Spotfire Server versions 7.11.0 and 7.11.1
  TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0

  The following components are affected:

  * Spotfire web server

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and
    below: update to version 10.0.1 or higher
  TIBCO Spotfire Server versions 7.10.1 and below: update to version 7.10.2 or
    higher
  TIBCO Spotfire Server versions 7.11.0 and 7.11.1: update to version 7.11.2 or
    higher
  TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0: update to
    version 10.0.1 or higher

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2018-18813