CVE-2018-5436
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| TIBCO Software Inc. | TIBCO Spotfire Analytics Platform for AWS Marketplace | unspecified <= 7.12.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Server | unspecified <= 7.8.1 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Server | 7.9.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Server | 7.10.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Server | 7.11.0 | affected |
| TIBCO Software Inc. | TIBCO Spotfire Server | 7.12.0 | affected |
Weaknesses
- The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to user and data source credentials, and then use those credentials for additional access.
ADP Enrichment
CVE Program Container
Additional References
- https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436
- http://www.tibco.com/services/support/advisories
References
- https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436
- http://www.tibco.com/services/support/advisories
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.