Security Advisory regarding TIBCO Spotfire Statistics Services

Article ID: KB0108097

Products Versions
Spotfire Statistics Services 7.11.0 and below

Description

  The component listed above contains multiple vulnerabilities that may allow
  the remote execution of code. Without needing to authenticate, an attacker
  may be able to remotely execute code with the permissions of the system
  account used to run the web server component.


Impact

  The impact of this vulnerability includes the theoretical possibility of unrestricted remote access to the operating system account hosting the web server component.

  CVSS v3 Base Score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
 

Issue/Introduction

This is a Security Advisory regarding TIBCO Spotfire Statistics Services remote execution vulnerabilities.

Environment

Systems Affected

  TIBCO Spotfire Statistics Services versions 7.11.0 and below

  The following components are affected:

    Web server

Resolution

Solution

  TIBCO has released updated versions of the affected components which address these issues.

  In addition to the updates, security-related configuration changes may be required due to new defaults. Please review the documentation.

  For each affected system, update to the corresponding software versions:

  TIBCO Spotfire Statistics Services versions 7.11.0 and below
    update to version 7.11.1 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2018-12410