TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library
CVE-2018-18812

6.5MEDIUM

Key Information:

Vendor
Tibco
Status
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Server Versions
Vendor
CVE Published:
16 January 2019

Summary

The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

Affected Version(s)

TIBCO Spotfire Analytics Platform for AWS Marketplace <= 10.0.0

TIBCO Spotfire Server <= 7.10.1

TIBCO Spotfire Server 7.11.0

References

http://www.securityfocus.com/bid/106635
vdb-entryx_refsource_BID
https://www.tibco.com/support/advisories/2019/01/tibco-se...
x_refsource_CONFIRM
http://www.tibco.com/services/support/advisories
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.