TIBCO Spotfire Server Blind SSRF vulnerability
CVE-2022-30579

7.1HIGH

Key Information:

Vendor: Tibco
Status: Tibco Spotfire Analytics Platform For Aws Marketplace; Tibco Spotfire Server
Vendor: CVE Published:; 20 September 2022

Summary

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.

Affected Version(s)

TIBCO Spotfire Analytics Platform for AWS Marketplace 12.0.0

TIBCO Spotfire Server 12.0.0

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/09/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 20, 2022
Vulnerability Reserved
May 11, 2022

Collectors

NVD DatabaseMitre Database