4 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL. TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, y Analytics Client Application de Spotfire Analytics Server anteriores a 10.1.2; Server anteriores a 3.3.3; y Web Player, Automation Services, y Professional anteriores a 4.0.2 permiten a atacantes remotos obtener información confidencial a través de una URL modificada. • http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de tipo session fixation en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos secuestrar sesiones web a traves de vectores no especificados. • http://secunia.com/advisories/45864 http://www.securitytracker.com/id?1025999 http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt http://www.tibco.com/services/support/advisories/default.jsp •

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL. Vulnerabilidad no especificada en TIBICO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, y Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos modificar datos y obtener informacion sensible a través de una URL modificada • http://secunia.com/advisories/45864 http://www.securitytracker.com/id?1025999 http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt http://www.tibco.com/services/support/advisories/default.jsp •

CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0

Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos inyectar secuencias de comandos web y HTML a traves de vectores no especificados. • http://secunia.com/advisories/45864 http://www.securitytracker.com/id?1025999 http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt http://www.tibco.com/services/support/advisories/default.jsp • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •