Security Advisory Regarding TIBCO Spotfire® Server
Article ID: KB0108053
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.11.7 and below, 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, 10.4.0, 10.5.0, and 10.6.0 |
Description
TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users
Original release date: December 17, 2019
Last revised: ---
Source: TIBCO Software Inc.
The following component is affected:
* Data access layer
Description
The component listed above contains multiple vulnerabilities that
theoretically allow an attacker access to data cached from a data source, or a
portion of a data source, that the attacker should not have access to. The
attacker would need privileges to save a Spotfire file to the library.
Impact
The impact of this vulnerability includes the theoretical possibility that the
attacker could gain unauthorized access to data that other users have recently
viewed.
CVSS v3 Base Score: 5.3 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Original release date: December 17, 2019
Last revised: ---
Source: TIBCO Software Inc.
The following component is affected:
* Data access layer
Description
The component listed above contains multiple vulnerabilities that
theoretically allow an attacker access to data cached from a data source, or a
portion of a data source, that the attacker should not have access to. The
attacker would need privileges to save a Spotfire file to the library.
Impact
The impact of this vulnerability includes the theoretical possibility that the
attacker could gain unauthorized access to data that other users have recently
viewed.
CVSS v3 Base Score: 5.3 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
Issue/Introduction
TIBCO Spotfire® Server Exposes User-Specific Cached Data To Others Users
Environment
Systems Affected
TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0
TIBCO Spotfire Server versions 7.11.7 and below
TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1,
10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4
TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0
Resolution
TIBCO has released updated versions of the affected systems which address
these issues:
TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update
to version 10.6.1 or higher
TIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or
higher
TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1,
10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to
version 10.3.5 or higher
TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version
10.6.1 or higher
these issues:
TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update
to version 10.6.1 or higher
TIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or
higher
TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1,
10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to
version 10.3.5 or higher
TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version
10.6.1 or higher
Additional Information
http://www.tibco.com/services/support/advisories
CVE-2019-17335
CVE-2019-17335
Feedback
Yes
No
Powered by
