Security Advisory Regarding TIBCO Spotfire Server

Article ID: KB0108068

Updated On:

Products Versions
Spotfire Server 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0

Description

TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting
Vulnerabilities

  Original release date: May 14, 2019
  Last revised: --
  Source: TIBCO Software Inc.


Description

  The component listed above contains vulnerabilities that theoretically allow
  reflected cross-site scripting (XSS) attacks.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  an unauthenticated attacker could gain administrative access to the web
  interface of the affected component.

  CVSS v3 Base Score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A

Environment

Systems Affected

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and
    below

  TIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0

  The following component is affected:

    * web server

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and
    below update to 10.3.0 or higher

  TIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0
    update to 10.2.1 or higher

Issue/Introduction

TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE-2019-11205