TIBCO Spotfire Server information disclosure vulnerabilities
CVE-2018-5436

6.5MEDIUM

Key Information:

Vendor: Tibco
Status: Tibco Spotfire Analytics Platform For Aws Marketplace; Tibco Spotfire Server
Vendor: CVE Published:; 27 June 2018

Summary

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.

Affected Version(s)

TIBCO Spotfire Analytics Platform for AWS Marketplace <= 7.12.0

TIBCO Spotfire Server <= 7.8.1

TIBCO Spotfire Server 7.9.0

References

https://www.tibco.com/support/advisories/2018/06/tibco-se...

x_refsource_CONFIRM

http://www.tibco.com/services/support/advisories

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 27, 2018
Vulnerability Reserved
Jan 12, 2018

Collectors

NVD DatabaseMitre Database