Security Advisory for TIBCO Spotfire products

Article ID: KB0108214

Products Versions
Spotfire Web Player -
Spotfire Automation Services -
Not Applicable -

Description

TIBCO Spotfire vulnerabilities

  Original release date: July 15, 2015
  Last revised: --
  Source: TIBCO Software Inc.

Systems Affected

  TIBCO Spotfire Analyst 5.5.1 and earlier
  TIBCO Spotfire Analyst 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Analyst 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Analyst 7.0.0

  TIBCO Spotfire Analytics Platform for AWS version 6.5
  TIBCO Spotfire Analytics Platform for AWS version 7.0.0

  TIBCO Spotfire Automation Services 5.5.1 and earlier
  TIBCO Spotfire Automation Services 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Automation Services 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Automation Services 7.0.0

  TIBCO Spotfire Deployment Kit 5.5.1 and earlier
  TIBCO Spotfire Deployment Kit 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Deployment Kit 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Deployment Kit 7.0.0

  TIBCO Spotfire Desktop 6.5.1 and earlier
  TIBCO Spotfire Desktop version 7.0.0
  TIBCO Spotfire Desktop Language Packs version 7.0.0

  TIBCO Spotfire Professional 5.5.1 and earlier
  TIBCO Spotfire Professional 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Professional 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Professional 7.0.0

  TIBCO Spotfire Web Player 5.5.1 and earlier
  TIBCO Spotfire Web Player 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Web Player 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Web Player 7.0.0

  TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.0 and earlier

  The following components are affected:

    * TIBCO Spotfire Client
    * TIBCO Spotfire Web Player Client


Description

  The TIBCO Spotfire components listed above contain critical vulnerabilities
  which could allow information disclosure or arbitrary code execution.

  TIBCO has released updated versions of the affected software products
  which address these issues.  TIBCO strongly recommends sites running the
  affected components install the applicable update as described below.


Impact

  The impact of this vulnerability may include unprivileged information disclosure
  and arbitrary code execution.

  CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)


Solution

  For each affected system, update to the corresponding software versions:

  TIBCO Spotfire Analyst 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Analyst 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Analyst 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Analyst version 7.0.1 or higher

  TIBCO Spotfire Analytics Platform for AWS version 7.0.1 or higher

  TIBCO Spotfire Automation Services 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Automation Services 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Automation Services 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Automation Services version 7.0.1 or higher

  TIBCO Spotfire Deployment Kit 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Deployment Kit 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Deployment Kit 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Deployment Kit version 7.0.1 or higher

  TIBCO Spotfire Desktop 6.5.X version 6.5.2 or higher
  TIBCO Spotfire Desktop version 7.0.1 or higher
  TIBCO Spotfire Desktop Language Packs version 7.0.1 or higher

  TIBCO Spotfire Professional 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Professional 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Professional 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Professional version 7.0.1 or higher

  TIBCO Spotfire Web Player 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Web Player 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Web Player 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Web Player version 7.0.1 or higher

  TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.1 or higher


References

  http://www.tibco.com/mk/advisory.jsp
  CVE: CVE-2015-4554

Environment

All supported platforms
