CVE-2018-5436

Summary

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Spotfire Analytics Platform for AWS Marketplaceunspecified <= 7.12.0affected
TIBCO Software Inc.TIBCO Spotfire Serverunspecified <= 7.8.1affected
TIBCO Software Inc.TIBCO Spotfire Server7.9.0affected
TIBCO Software Inc.TIBCO Spotfire Server7.10.0affected
TIBCO Software Inc.TIBCO Spotfire Server7.11.0affected
TIBCO Software Inc.TIBCO Spotfire Server7.12.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to user and data source credentials, and then use those credentials for additional access.

ADP Enrichment

CVE Program Container

Additional References

References