Security Advisory for TIBCO Cloud Analytics

Article ID: KB0091116

Products Versions
Not Applicable -

Resolution:
TIBCO Spotfire Web Player vulnerabilities

   Original release date: March 13, 2013
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO Spotfire Web Player below 3.3.3
   TIBCO Spotfire Web Player version 4.0.X below 4.0.3
   TIBCO Spotfire Web Player version 4.5.0
   TIBCO Spotfire Web Player version 5.0.0

   The following components are affected:

     * TIBCO Spotfire Web Player Engine


Description

   The TIBCO Spotfire Web Player components listed above contain critical
   vulnerabilities in the handling of HTTP requests:

   CVE-2013-2372 - A cross-site scripting vulnerability exists which
   may allow an attacker to view or modify information.

   CVE-2013-2373 - Access controls will not be properly enforced in some
   circumstances.  This may allow unauthorized users to access or modify
   information.

   TIBCO has released updated versions of the affected software products
   which address these issues.  TIBCO strongly recommends sites running the
   affected components install the applicable update as described below.


Impact

   The impact of these vulnerabilities may include information disclosure
   and information modification.


Solution

   For each affected system, update to the corresponding software versions:

   TIBCO Spotfire Web Player version 3.3.X: version 3.3.3 or higher
   TIBCO Spotfire Web Player version 4.0.X: version 4.0.3 or higher
   TIBCO Spotfire Web Player version 4.5.X: version 4.5.1 or higher
   TIBCO Spotfire Web Player version 5.0.1 or higher
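
   The following triage script is an added example, not part of the TIBCO advisory or TIBCO code. It checks an inventory of installed Web Player versions against the "Systems Affected" and "Solution" lists above. The hostnames and versions in the inventory are constructed, and the function names are hypothetical. It assumes that a two-part version such as "4.5" means 4.5.0 and that any release below 3.3.3 maps to the 3.3.3 fix.

```python
import re

def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple; extra build components are ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def fixed_version(version):
    """Return the minimum fixed release if `version` is listed as affected, else None."""
    v = parse_version(version)
    if v < (3, 3, 3):                  # "below 3.3.3" (assumption: older trains move to 3.3.3+)
        return "3.3.3"
    if (4, 0, 0) <= v < (4, 0, 3):     # "4.0.X below 4.0.3"
        return "4.0.3"
    if v == (4, 5, 0):                 # "4.5.0"
        return "4.5.1"
    if v == (5, 0, 0):                 # "5.0.0"
        return "5.0.1"
    return None                        # not listed in this advisory (not a guarantee of safety)

# Constructed sample inventory: hostnames and versions are made up for illustration.
INVENTORY = [
    ("bi-web-01", "3.3.2"),
    ("bi-web-02", "4.0.3"),
    ("bi-web-03", "4.5.0"),
    ("bi-web-04", "5.0.0"),
    ("bi-web-05", "5.0.1"),
    ("bi-web-06", "unknown"),
]

def triage(inventory):
    """Sort hosts into affected / not_listed / review (version could not be parsed)."""
    report = {"affected": [], "not_listed": [], "review": []}
    for host, version in inventory:
        try:
            fix = fixed_version(version)
        except ValueError:
            report["review"].append((host, version))
            continue
        report["affected" if fix else "not_listed"].append((host, version, fix))
    return report

if __name__ == "__main__":
    for bucket, rows in triage(INVENTORY).items():
        print(bucket, rows)
```

   Hosts that land in "review" need their version confirmed by hand before they are treated as unaffected.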


References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2013-2372, CVE-2013-2373

Please see the web site listed above for any updates to this advisory.
