Security Advisory for TIBCO Spotfire WebPlayer 4.0.1 and below


Article ID: KB0108180


Products Versions
Spotfire Web Player -
Not Applicable -

Description

TIBCO Spotfire vulnerabilities

   Original release date: Mar 8, 2012
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO Spotfire Analytics Server below 10.1.2
   TIBCO Spotfire Server below 3.1.3
   TIBCO Spotfire Server 3.2.X versions below 3.2.2
   TIBCO Spotfire Server 3.3.X versions below 3.3.3
   TIBCO Spotfire Web Player below 3.1.1
   TIBCO Spotfire Web Player 3.2.X versions below 3.2.2
   TIBCO Spotfire Web Player 3.3.X versions below 3.3.2
   TIBCO Spotfire Web Player 4.0.X versions below 4.0.2
   TIBCO Spotfire Automation Services below 3.1.1
   TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2
   TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2
   TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2
   TIBCO Spotfire Professional below 3.1.1
   TIBCO Spotfire Professional 3.2.X versions below 3.2.2
   TIBCO Spotfire Professional 3.3.X versions below 3.3.2
   TIBCO Spotfire Professional 4.0.X versions below 4.0.2


   The following components are affected:

     * TIBCO Spotfire Web Application
     * TIBCO Spotfire Web Player Application
     * TIBCO Spotfire Automation Services Application
     * TIBCO Spotfire Analytics Client Application




Description

   The TIBCO Spotfire components listed above are affected by the
   following critical vulnerability:

   CVE-2012-0690 - Carefully crafted URLs may result in information
   disclosure.

   TIBCO has released updated versions of the affected components which
   address this issue.  TIBCO strongly recommends that sites running the
   affected components install the applicable update as described below.


Impact

   The impact of these vulnerabilities may include information modification,
   information disclosure, and denial of service.


Solution

   For each affected system, update to the corresponding software versions:

   TIBCO Spotfire Analytics Server version 10.1.2 or higher
   TIBCO Spotfire Server 3.1.X version 3.1.3 or higher
   TIBCO Spotfire Server 3.2.X version 3.2.2 or higher
   TIBCO Spotfire Server 3.3.3 or higher
   TIBCO Spotfire Web Player 3.1.X version 3.1.1 or higher
   TIBCO Spotfire Web Player 3.2.X version 3.2.2 or higher
   TIBCO Spotfire Web Player 3.3.X version 3.3.2 or higher
   TIBCO Spotfire Web Player 4.0.2 or higher
   TIBCO Spotfire Automation Services 3.1.X version 3.1.1 or higher
   TIBCO Spotfire Automation Services 3.2.X version 3.2.2 or higher
   TIBCO Spotfire Automation Services 3.3.X version 3.3.2 or higher
   TIBCO Spotfire Automation Services 4.0.2 or higher
   TIBCO Spotfire Professional 3.1.X version 3.1.1 or higher
   TIBCO Spotfire Professional 3.2.X version 3.2.2 or higher
   TIBCO Spotfire Professional 3.3.X version 3.3.2 or higher
   TIBCO Spotfire Professional 4.0.2 or higher
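
   An inventory check built from the version lists above, added here as
   an example and not part of TIBCO's advisory. Product keys drop the
   "TIBCO Spotfire" prefix; the host names and inventory rows are
   constructed, and the function names are this example's own.

```python
import re

# First fixed release per (major, minor) branch, transcribed from the
# Solution list of this advisory (CVE-2012-0690).
_CLIENT = {(3, 1): (3, 1, 1), (3, 2): (3, 2, 2), (3, 3): (3, 3, 2), (4, 0): (4, 0, 2)}
FIXED = {
    "Analytics Server": {(10, 1): (10, 1, 2)},
    "Server": {(3, 1): (3, 1, 3), (3, 2): (3, 2, 2), (3, 3): (3, 3, 3)},
    "Web Player": _CLIENT,
    "Automation Services": _CLIENT,
    "Professional": _CLIENT,
}

def parse_version(text):
    """'4.0.1' -> (4, 0, 1); short strings such as '4.0' are zero-padded."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(product, version):
    """Return (status, first_fixed_version_or_None) for one installation."""
    branches = FIXED.get(product)
    if branches is None:
        return ("unknown product", None)
    v = parse_version(version)
    fixed = branches.get(v[:2])
    if fixed is not None:                      # branch named in the advisory
        return ("affected", fixed) if v < fixed else ("not affected", None)
    lowest, highest = min(branches.values()), max(branches.values())
    if v < lowest:                             # the "below X" entries
        return ("affected", lowest)
    if v > highest:                            # the "... or higher" entries
        return ("not affected", None)
    return ("unlisted branch, check manually", None)

# Constructed inventory: host names and versions are invented for the example.
INVENTORY = [
    ("bi-web-01", "Web Player", "4.0.1"),
    ("bi-web-02", "Web Player", "3.3.2"),
    ("bi-srv-01", "Server", "3.3.2"),
    ("bi-old-01", "Analytics Server", "10.0.5"),
]

def triage(inventory):
    return [(host, *assess(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for row in triage(INVENTORY):
        print(row)
```

   Note that 3.3.2 is a fixed release for Web Player but still affected
   for Spotfire Server, whose 3.3.X fix is 3.3.3.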



References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2012-0690
