TIBCO Spotfire Product Family Remote Code Execution Vulnerability

Products	Versions
Spotfire Analyst	7.8.0,7.9.0,7.9.1,7.10.0,7.10.1,7.11.0,7.12.0
Spotfire Desktop	7.8.0,7.9.0,7.9.1,7.10.0,7.10.1,7.11.0,7.12.0
Spotfire Desktop Language Packs	7.8.0,7.9.0,7.9.1,7.10.0,7.10.1,7.11.0,7.12.0

Description

Description

The components listed above contain multiple vulnerabilities that may allow
for remote code execution.

Impact

The impact of this vulnerability includes the theoretical possibility that
an unprivileged remote attacker could execute code with the privileges
of the user account running the affected component.

CVSS v3 Base Score: 9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

Issue/Introduction

Environment

ystems Affected TIBCO Spotfire Analyst versions 7.8.0 and below TIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 TIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 TIBCO Spotfire Analyst version 7.11.0 TIBCO Spotfire Analyst version 7.12.0 TIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below TIBCO Spotfire Deployment Kit versions 7.8.0 and below TIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 TIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 TIBCO Spotfire Deployment Kit version 7.11.0 TIBCO Spotfire Deployment Kit version 7.12.0 TIBCO Spotfire Desktop versions 7.8.0 and below TIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 TIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 TIBCO Spotfire Desktop version 7.11.0 TIBCO Spotfire Desktop version 7.12.0 TIBCO Spotfire Desktop Language Packs versions 7.8.0 and below TIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 TIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 TIBCO Spotfire Desktop Language Packs version 7.11.0 The following components are affected: * TIBCO Spotfire Client * TIBCO Spotfire Web Player Client

Resolution

Solution

TIBCO has released updated versions of the affected components which address
these issues.

For each affected system, update to the corresponding software versions:

TIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher
TIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher
TIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher
TIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1
TIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0

TIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher

TIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher
TIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher
TIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher
TIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher
TIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher

TIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher
TIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher
TIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher
TIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher
TIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher

TIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher
TIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher
TIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher
TIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher

Additional Information

Original release date: June 26, 2018
Last revised: June 28, 2018
Source: TIBCO Software Inc.

References

http://www.tibco.com/services/support/advisories
CVE-2018-5435

Welcome to "KB Articles"