CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-11206 – TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks
https://notcve.org/view.php?id=CVE-2019-11206
14 May 2019 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10... • http://www.securityfocus.com/bid/108405 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18812 – TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library
https://notcve.org/view.php?id=CVE-2018-18812
16 Jan 2019 — The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Ser... • http://www.securityfocus.com/bid/106635 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18813 – TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-18813
16 Jan 2019 — The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. El componente del serv... • http://www.securityfocus.com/bid/106635 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 2%CPEs: 7EXPL: 0CVE-2018-18814 – TIBCO Spotfire Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2018-18814
16 Jan 2019 — The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: ver... • http://www.securityfocus.com/bid/106635 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5436 – TIBCO Spotfire Server information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2018-5436
27 Jun 2018 — The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. El componente del servi... • http://www.tibco.com/services/support/advisories • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5527 – TIBCO Spotfire injection vulnerabilities
https://notcve.org/view.php?id=CVE-2017-5527
09 May 2017 — TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spo... • http://www.securityfocus.com/bid/98398 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •