CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-11206 – TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks
https://notcve.org/view.php?id=CVE-2019-11206
14 May 2019 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10... • http://www.securityfocus.com/bid/108405 •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18813 – TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-18813
16 Jan 2019 — The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. El componente del serv... • http://www.securityfocus.com/bid/106635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2018-18814 – TIBCO Spotfire Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2018-18814
16 Jan 2019 — The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: ver... • http://www.securityfocus.com/bid/106635 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18812 – TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library
https://notcve.org/view.php?id=CVE-2018-18812
16 Jan 2019 — The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Ser... • http://www.securityfocus.com/bid/106635 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5436 – TIBCO Spotfire Server information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2018-5436
27 Jun 2018 — The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. El componente del servi... • http://www.tibco.com/services/support/advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2014-5285
https://notcve.org/view.php?id=CVE-2014-5285
04 Sep 2014 — Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors. Vulnerabilidad no especificada en el módulo de la autenticación en TIBCO Spotfire Server anterior a 4.5.2, 5.0.x anterior a 5.0.3, 5.5.x anterior a 5.5.2, 6.0.x anterior a 6.0.3, y 6.5.x anterior a 6.5.1 permite a atacant... • http://www.tibco.com/assets/bltdb348db4de625c6f/2014-006-Spotfire-advisory-cm-including3.X_v4.txt •
CVSS: 9.8EPSS: 1%CPEs: 37EXPL: 0CVE-2014-2544
https://notcve.org/view.php?id=CVE-2014-2544
09 Apr 2014 — Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Se... • http://www.tibco.com/mk/advisory.jsp •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2012-0690
https://notcve.org/view.php?id=CVE-2012-0690
13 Mar 2012 — TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL. TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, y Analytics Client Application de Spotfire Analytics Server anteriores a 10.1.2; Server anterio... • http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3132
https://notcve.org/view.php?id=CVE-2011-3132
02 Sep 2011 — Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server ant... • http://secunia.com/advisories/45864 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2011-3133
https://notcve.org/view.php?id=CVE-2011-3133
02 Sep 2011 — Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de tipo session fixation en TIBCO Spotfire Server v3.0.x antes de v3.0.2, v3.1.x antes de v3.1.2, v3.2.x antes de v3.2.1, y v3.3.x antes de v3.3.1, and Spotfire Analytics Server antes de v10.1.1, permite a atacantes remotos secuestrar sesio... • http://secunia.com/advisories/45864 •