Products | Versions |
---|---|
Spotfire Analyst | 7.7.0 |
Spotfire Connectors | 7.6.0 |
Spotfire Deployment Kit | 7.7.0 |
TIBCO Spotfire scripting vulnerabilities
Original release date: Jan 10, 2017
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Analyst 7.7.0
TIBCO Spotfire Connectors 7.6.0
TIBCO Spotfire Deployment Kit 7.7.0
TIBCO Spotfire Desktop 7.6.0
TIBCO Spotfire Desktop 7.7.0
TIBCO Spotfire Desktop Developer Edition 7.7.0
TIBCO Spotfire Desktop Language Packs 7.6.0
TIBCO Spotfire Desktop Language Packs 7.7.0
The following components are affected:
* TIBCO Spotfire Client
* TIBCO Spotfire Web Player Client
Description
The Spotfire components listed above contain multiple vulnerabilities which
may allow a subset of authorized users to perform SQL injection attacks
against PostgreSQL databases. Other databases systems are not affected.
Impact
The impact of this vulnerability includes the theoretical modification of
sensitive information.
CVSS v3 Base Score: 6.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N)