Security Advisory for TIBCO Spotfire Server

Article ID: KB0108122

Products Versions
Spotfire Server 7.0.0, 7.0.1, 7.5.0, 7.5.1, 7.6.0, 7.7.0, 7.8.0

Description

TIBCO Spotfire injection vulnerabilities

  Original release date: May 9, 2017
  Last revised: --
  Source: TIBCO Software Inc.


Systems Affected

  TIBCO Spotfire Server 7.0.0
  TIBCO Spotfire Server 7.0.1
  TIBCO Spotfire Server 7.5.0
  TIBCO Spotfire Server 7.6.0
  TIBCO Spotfire Server 7.7.0
  TIBCO Spotfire Server 7.8.0

  The following components are affected:

    * TIBCO Spotfire Server


Description

  The Spotfire components listed above contain multiple vulnerabilities which
  may allow authorized users to perform SQL injection attacks.


Impact

  The impact of this vulnerability includes the theoretical disclosure of
  confidential data.

  CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)


Issue/Introduction

Security Advisory for TIBCO Spotfire Server

Environment

all platforms

Resolution


  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Spotfire Server 7.0.X: version 7.0.2 or higher
  TIBCO Spotfire Server 7.5.0: version 7.5.1 or higher
  TIBCO Spotfire Server 7.6.0: version 7.6.1 or higher
  TIBCO Spotfire Server 7.7.0: version 7.7.1 or higher
  TIBCO Spotfire Server 7.8.0: version 7.8.1 or higher

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE: CVE-2017-5527