Products | Versions |
---|---|
Spotfire Statistics Services | 7.11.1 and below, 10.0.0 |
TIBCO Spotfire Statistics Services Exposes Sensitive Files
Original release date: May 14, 2019
Last revised: --
Source: TIBCO Software Inc.
Description
The component listed above contains a vulnerability that might theoretically
allow an authenticated user to access sensitive information needed by the
Spotfire Statistics Services server. The sensitive information that might be
affected includes database, JMX, LDAP, Windows service account, and user
credentials.
Impact
The impact of this vulnerability includes the theoretical possibility that
credentials to both the Spotfire Statistics Services server, and to other
systems could be exposed.
CVSS v3 Base Score: 9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)