TIBCO Spotfire Server Blind SSRF vulnerability
CVE-2022-30579

8.4HIGH

Key Information:

Vendor: Tibco
Status: Tibco Spotfire Analytics Platform For Aws Marketplace; Tibco Spotfire Server
Vendor: CVE Published:; 20 September 2022

What is CVE-2022-30579?

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.

Affected Version(s)

TIBCO Spotfire Analytics Platform for AWS Marketplace 12.0.0

TIBCO Spotfire Server 12.0.0

References

https://www.tibco.com/services/support/advisories

x_refsource_CONFIRM

https://www.tibco.com/support/advisories/2022/09/tibco-se...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2022
Vulnerability Reserved
May 11, 2022

Tibco

What is CVE-2022-30579?

Affected Version(s)

References

CVSS V3.1

Timeline