Security Advisory Regarding TIBCO Spotfire Server

Article ID: KB0108067

Products Versions
Spotfire Server 7.11.2 and below, 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0

Description

TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks

  Original release date: May 14, 2019
  Last revised: --
  Source: TIBCO Software Inc

Description

  The component listed above contains vulnerabilities that theoretically allow
  a malicious user to undermine the integrity of comments and bookmarks.


Impact

  The impact of this vulnerability includes the theoretical possibility that
  an unauthenticated attacker could remove comments from the system, rename
  bookmarks, and trick other users about which user authored a comment.

  CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Issue/Introduction

TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks

Environment

Systems Affected

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below
  TIBCO Spotfire Server versions 7.11.2 and below
  TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0,
    and 10.2.0

  The following component is affected:

    * Spotfire library

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and
    below update to 10.3.0 or higher

  TIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher
  TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0,
    and 10.2.0 update to 10.2.1 or higher
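
The Spotfire Server version rules above as a triage check. This is an added example, not part of TIBCO's advisory; it does not cover the AWS Marketplace image, and the host names in the sample inventory are constructed. A plain "older than 10.2.1" comparison would wrongly flag patched 7.11.x servers, and versions the advisory does not name are reported as "not listed" rather than guessed.

```python
import re

# Versions the advisory names explicitly; all are told to update to 10.2.1 or higher.
LISTED_AFFECTED = {(7, 12, 0), (7, 13, 0), (7, 14, 0),
                   (10, 0, 0), (10, 0, 1), (10, 1, 0), (10, 2, 0)}
LAST_AFFECTED_7_11 = (7, 11, 2)   # "7.11.2 and below" -> update to 7.11.3 or higher
FIXED_MAINLINE = (10, 2, 1)


def parse(version):
    """Turn 'X.Y.Z' into a tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.groups())


def triage(version):
    """Return (status, minimum fixed version or None) for a Spotfire Server version."""
    v = parse(version)
    if v <= LAST_AFFECTED_7_11:
        return ("affected", "7.11.3")
    if v in LISTED_AFFECTED:
        return ("affected", "10.2.1")
    # Anything left on the 7.11 line is 7.11.3 or higher.
    if v[:2] == (7, 11) or v >= FIXED_MAINLINE:
        return ("fixed", None)
    # Example: 7.12.1 is neither named as affected nor covered by a fixed release.
    return ("not listed", None)


def triage_inventory(inventory):
    """Map each host to its triage result."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "spotfire-prod-01": "7.11.2",
    "spotfire-prod-02": "7.11.5",
    "spotfire-dev-01": "10.2.0",
    "spotfire-dev-02": "7.12.1",
    "spotfire-new-01": "10.3.0",
}

if __name__ == "__main__":
    for host, (status, fix) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}" + (f", update to {fix} or higher" if fix else ""))
```
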

Additional Information

References

  http://www.tibco.com/services/support/advisories
  CVE-2019-11206