TIBCO Statistica Server Vulnerable to Cross Site Scripting

Article ID: KB0108090

Products Versions
Spotfire Statistica Visualization Server 13.4.0 and below

Description

  Original release date: November 26, 2018
  Last revised: --
  Source: TIBCO Software Inc.

Description

  The component listed above contains vulnerabilities which may allow an
  authenticated user to perform cross-site scripting (XSS) attacks.


Impact

  The impact of this vulnerability includes the theoretical possibility that an
  authenticated user could escalate privileges to gain administrative access to
  the web interface of the affected component.

  CVSS v3 Base Score: 7.6 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H)
 

Environment

Systems Affected

  TIBCO Statistica Server versions 13.4.0 and below

  The following component is affected:

    * web application of TIBCO Statistica

Resolution

Solution

  TIBCO has released updated versions of the affected components which address
  these issues.

  For each affected system, update to the corresponding software versions:

  TIBCO Statistica Server version 13.4.0 and below: update the
    TIBCO Statistica component to 13.5.0 or above

Additional Information

  http://www.tibco.com/services/support/advisories
  CVE: CVE-2018-18807