TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities
CVE-2018-18813

8.8HIGH

Key Information:

Vendor
Tibco
Status
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Server
Vendor
CVE Published:
16 January 2019

Summary

The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

Affected Version(s)

TIBCO Spotfire Analytics Platform for AWS Marketplace <= 10.0.0

TIBCO Spotfire Server <= 7.10.1

TIBCO Spotfire Server 7.11.0

References

http://www.securityfocus.com/bid/106635
vdb-entryx_refsource_BID
http://www.tibco.com/services/support/advisories
x_refsource_MISC
https://www.tibco.com/support/advisories/2019/01/tibco-se...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.