Description:
TIBCO Spotfire vulnerabilities

   Original release date: Mar 8, 2012
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO Spotfire Analytics Server below 10.1.2
   TIBCO Spotfire Server below 3.1.3
   TIBCO Spotfire Server 3.2.X versions below 3.2.2
   TIBCO Spotfire Server 3.3.X versions below 3.3.3
   TIBCO Spotfire Web Player below 3.1.1

   TIBCO Spotfire Web Player 3.2.X versions below 3.2.2

   TIBCO Spotfire Web Player 3.3.X versions below 3.3.2

   TIBCO Spotfire Web Player 4.0.X versions below 4.0.2

   TIBCO Spotfire Automation Services below 3.1.1

   TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2

   TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2

   TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2

   TIBCO Spotfire Professional below 3.1.1

   TIBCO Spotfire Professional 3.2.x versions below 3.2.2

   TIBCO Spotfire Professional 3.3.x versions below 3.3.2

   TIBCO Spotfire Professional 4.0.x versions below 4.0.2


   The following components are affected:

     * TIBCO Spotfire Web Application
     * TIBCO Spotfire Web Player Application

     * TIBCO Spotfire Automation Services Application

     * TIBCO Spotfire Analytics Client Application




Description

   The TIBCO Spotfire components listed above are affected by the
   following critical vulnerability:

   CVE-2012-0690 - Carefully crafted URLs may result in information
   disclosure.

   TIBCO has released updated versions of the affected components which
   address this issue.  TIBCO strongly recommends sites running the affected
   components to install the applicable update as described below.


Impact

   The impact of these vulnerabilities may include information modification,
   information disclosure, and denial of service.


Solution

   For each affected system, update to the corresponding software versions:

   TIBCO Spotfire Analytics Server version 10.1.2 or higher
   TIBCO Spotfire Server 3.1.X version 3.1.3 or higher
   TIBCO Spotfire Server 3.2.X version 3.2.2 or higher
   TIBCO Spotfire Server 3.3.3 or higher
   TIBCO Spotfire Web Player 3.1.X version 3.1.1 or higher

   TIBCO Spotfire Web Player 3.2.X version 3.2.2 or higher

   TIBCO Spotfire Web Player 3.3.X version 3.3.2 or higher

   TIBCO Spotfire Web Player 4.0.2 or higher

   TIBCO Spotfire Automation Services 3.1.X version 3.1.1 or higher

   TIBCO Spotfire Automation Services 3.2.X version 3.2.2 or higher

   TIBCO Spotfire Automation Services 3.3.X version 3.3.2 or higher

   TIBCO Spotfire Automation Services 4.0.2 or higher

   TIBCO Spotfire Professional 3.1.X version 3.1.1 or higher

   TIBCO Spotfire Professional 3.2.X version 3.2.2 or higher

   TIBCO Spotfire Professional 3.3.X version 3.3.2 or higher

   TIBCO Spotfire Professional 4.0.2 or higher



References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2012-0690

Security Advisory for TIBCO Spotfire Automation Services 4.0.1 and below

Product: TIBCO Spotfire Automation Services Version: OS: --------------------

TIBCO Spotfire vulnerabilities

   Original release date: Mar 8, 2012
   Last revised: --
   Source: TIBCO Software Inc.


Systems Affected

   TIBCO Spotfire Analytics Server below 10.1.2
   TIBCO Spotfire Server below 3.1.3
   TIBCO Spotfire Server 3.2.X versions below 3.2.2
   TIBCO Spotfire Server 3.3.X versions below 3.3.3
   TIBCO Spotfire Web Player below 3.1.1

   TIBCO Spotfire Web Player 3.2.X versions below 3.2.2

   TIBCO Spotfire Web Player 3.3.X versions below 3.3.2

   TIBCO Spotfire Web Player 4.0.X versions below 4.0.2

   TIBCO Spotfire Automation Services below 3.1.1

   TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2

   TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2

   TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2

   TIBCO Spotfire Professional below 3.1.1

   TIBCO Spotfire Professional 3.2.x versions below 3.2.2

   TIBCO Spotfire Professional 3.3.x versions below 3.3.2

   TIBCO Spotfire Professional 4.0.x versions below 4.0.2


   The following components are affected:

     * TIBCO Spotfire Web Application
     * TIBCO Spotfire Web Player Application

     * TIBCO Spotfire Automation Services Application

     * TIBCO Spotfire Analytics Client Application




Description

   The TIBCO Spotfire components listed above are affected by the
   following critical vulnerability:

   CVE-2012-0690 - Carefully crafted URLs may result in information
   disclosure.

   TIBCO has released updated versions of the affected components which
   address this issue.  TIBCO strongly recommends sites running the affected
   components to install the applicable update as described below.


Impact

   The impact of these vulnerabilities may include information modification,
   information disclosure, and denial of service.


Solution

   For each affected system, update to the corresponding software versions:

   TIBCO Spotfire Analytics Server version 10.1.2 or higher
   TIBCO Spotfire Server 3.1.X version 3.1.3 or higher
   TIBCO Spotfire Server 3.2.X version 3.2.2 or higher
   TIBCO Spotfire Server 3.3.3 or higher
   TIBCO Spotfire Web Player 3.1.X version 3.1.1 or higher

   TIBCO Spotfire Web Player 3.2.X version 3.2.2 or higher

   TIBCO Spotfire Web Player 3.3.X version 3.3.2 or higher

   TIBCO Spotfire Web Player 4.0.2 or higher

   TIBCO Spotfire Automation Services 3.1.X version 3.1.1 or higher

   TIBCO Spotfire Automation Services 3.2.X version 3.2.2 or higher

   TIBCO Spotfire Automation Services 3.3.X version 3.3.2 or higher

   TIBCO Spotfire Automation Services 4.0.2 or higher

   TIBCO Spotfire Professional 3.1.X version 3.1.1 or higher

   TIBCO Spotfire Professional 3.2.X version 3.2.2 or higher

   TIBCO Spotfire Professional 3.3.X version 3.3.2 or higher

   TIBCO Spotfire Professional 4.0.2 or higher



References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2012-0690