Security Advisory for TIBCO Spotfire Products - Scripting

Article ID: KB0108216

Products Versions
Spotfire Professional 6.5.3 and 7.0.x
Spotfire Desktop 6.5.x - 7.7.0
Spotfire Web Player 6.5.x - 7.0.1

Description

TIBCO Spotfire scripting vulnerabilities

  Original release date: Jan 10, 2017
  Last revised: --
  Source: TIBCO Software Inc.


Systems Affected

  TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier

  TIBCO Spotfire Analyst 7.5.0
  TIBCO Spotfire Analyst 7.6.0
  TIBCO Spotfire Analyst 7.7.0

  TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier

  TIBCO Spotfire Automation Services 6.5.3 and earlier
  TIBCO Spotfire Automation Services 7.0.0 and 7.0.1

  TIBCO Spotfire Connectors 7.6.0

  TIBCO Spotfire Deployment Kit 6.5.3 and earlier
  TIBCO Spotfire Deployment Kit 7.0.0 and 7.0.1
  TIBCO Spotfire Deployment Kit 7.5.0
  TIBCO Spotfire Deployment Kit 7.6.0
  TIBCO Spotfire Deployment Kit 7.7.0

  TIBCO Spotfire Desktop 6.5.2 and earlier
  TIBCO Spotfire Desktop 7.0.0 and 7.0.1
  TIBCO Spotfire Desktop 7.5.0
  TIBCO Spotfire Desktop 7.6.0
  TIBCO Spotfire Desktop 7.7.0

  TIBCO Spotfire Desktop Developer Edition 7.7.0

  TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier
  TIBCO Spotfire Desktop Language Packs 7.5.0
  TIBCO Spotfire Desktop Language Packs 7.6.0
  TIBCO Spotfire Desktop Language Packs 7.7.0

  TIBCO Spotfire Professional 6.5.3 and earlier
  TIBCO Spotfire Professional 7.0.0 and 7.0.1

  TIBCO Spotfire Web Player 6.5.3 and earlier
  TIBCO Spotfire Web Player 7.0.0 and 7.0.1

  The following components are affected:

    * TIBCO Spotfire Client
    * TIBCO Spotfire Web Player Client


Description

  The Spotfire components listed above contain multiple vulnerabilities that
  may allow a subset of authorized users to perform cross-site scripting
  attacks.


Impact

  The impact of this vulnerability includes the theoretical disclosure of
  sensitive information.

  CVSS v3 Base Score: 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N)


Issue/Introduction

TIBCO Spotfire scripting vulnerabilities (CVE-2017-3180)

Environment

All Supported Platforms

Resolution

TIBCO has released updated versions of the affected components which address these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.3 or higher

  TIBCO Spotfire Analyst 7.5.0 version 7.5.1 or higher
  TIBCO Spotfire Analyst 7.6.0 version 7.6.1 or higher
  TIBCO Spotfire Analyst 7.7.0 version 7.7.1 or higher

  TIBCO Spotfire Analytics Platform for AWS Marketplace 7.8.0 or higher

  TIBCO Spotfire Automation Services 6.5.X version 6.5.4 or higher
  TIBCO Spotfire Automation Services 7.0.X version 7.0.2 or higher

  TIBCO Spotfire Connectors 7.6.1 or higher

  TIBCO Spotfire Deployment Kit 6.5.X version 6.5.4 or higher
  TIBCO Spotfire Deployment Kit 7.0.X version 7.0.2 or higher
  TIBCO Spotfire Deployment Kit 7.5.0 version 7.5.1 or higher
  TIBCO Spotfire Deployment Kit 7.6.0 version 7.6.1 or higher
  TIBCO Spotfire Deployment Kit 7.7.0 version 7.7.1 or higher

  TIBCO Spotfire Desktop 6.5.X version 6.5.4 or higher
  TIBCO Spotfire Desktop 7.0.X version 7.0.2 or higher
  TIBCO Spotfire Desktop 7.5.0 version 7.5.1 or higher
  TIBCO Spotfire Desktop 7.6.0 version 7.6.1 or higher
  TIBCO Spotfire Desktop 7.7.0 version 7.7.1 or higher

  TIBCO Spotfire Desktop Developer Edition 7.8.0 or higher

  TIBCO Spotfire Desktop Language Packs 7.0.X version 7.0.2 or higher
  TIBCO Spotfire Desktop Language Packs 7.5.0 version 7.5.1 or higher
  TIBCO Spotfire Desktop Language Packs 7.6.0 version 7.6.1 or higher
  TIBCO Spotfire Desktop Language Packs 7.7.0 version 7.7.1 or higher

  TIBCO Spotfire Professional 6.5.X version 6.5.4 or higher
  TIBCO Spotfire Professional 7.0.X version 7.0.2 or higher

  TIBCO Spotfire Web Player 6.5.X version 6.5.4 or higher
  TIBCO Spotfire Web Player 7.0.X version 7.0.2 or higher

Additional Information

http://www.tibco.com/services/support/advisories
  CVE: CVE-2017-3180