TIBCO Spotfire injection vulnerabilities
CVE-2017-5527

4.3MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Spotfire Server; Tibco Spotfire Analytics Platform For Aws Marketplace
Vendor: CVE Published:; 9 May 2017

Summary

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

Affected Version(s)

TIBCO Spotfire Analytics Platform for AWS Marketplace 7.8.0

TIBCO Spotfire Server 7.0.0

TIBCO Spotfire Server 7.0.1

References

http://www.tibco.com/support/advisories/2017/05/tibco-sec...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/98398

vdb-entryx_refsource_BID

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2017
Vulnerability Reserved
Jan 19, 2017

Collectors

NVD DatabaseMitre Database