TIBCO Statistica Server Vulnerable to Cross Site Scripting
Article ID: KB0108090
Updated On:
| Products | Versions |
|---|---|
| Spotfire Statistica Visualization Server | 13.4.0 and below |
Description
Original release date: November 26, 2018
Last revised: --
Source: TIBCO Software Inc.
Description
The component listed above contains vulnerabilities which may allow an
authenticated user to perform cross-site scripting (XSS) attacks.
Impact
The impact of this vulnerability includes the theoretical possibility that an
authenticated user could escalate privileges to gain administrative access to
the web interface of the affected component.
CVSS v3 Base Score: 7.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H)
Environment
Systems Affected
TIBCO Statistica Server versions 13.4.0 and below
The following component is affected:
* web application of TIBCO Statistica
Resolution
Solution
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO Statistica Server version 13.4.0 and below update the
TIBCO Statistica component to 13.5.0 or above
TIBCO has released updated versions of the affected components which address
these issues.
For each affected system, update to the corresponding software versions:
TIBCO Statistica Server version 13.4.0 and below update the
TIBCO Statistica component to 13.5.0 or above
Issue/Introduction
TIBCO Statistica Server Vulnerable to Cross Site Scripting
Additional Information
http://www.tibco.com/services/support/advisories
CVE: CVE-2018-18807
CVE: CVE-2018-18807
Feedback
Yes
No
Powered by
