CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18813 – TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2018-18813
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0. El componente del servidor web Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene múltiples vulnerabilidades que podrían permitir ataques de Componente persistente y reflejado. • http://www.securityfocus.com/bid/106635 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-18814 – TIBCO Spotfire Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2018-18814
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0. El componente de autenticación TIBCO Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene una vulnerabilidad en el manejo de la autenticación que, en teoría, podría permitir que un atacante obtenga acceso total a una cuenta objetivo, independientemente de los mecanismos de autenticación configurados. • http://www.securityfocus.com/bid/106635 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814 • CWE-287: Improper Authentication •
CVSS: 5.4EPSS: 0%CPEs: 32EXPL: 0CVE-2017-3180 – Multiple TIBCO Spotfire components fail to sanitize user-supplied inout and are vulnerable to cross-site scripting
https://notcve.org/view.php?id=CVE-2017-3180
Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 6.5.2 and earlier TIBCO Spotfire Desktop 7.0.0, and 7.0.1 TIBCO Spotfire Desktop 7.5.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.0.1 and earlier TIBCO Spotfire Desktop Language Packs 7.5.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 TIBCO Spotfire Professional 6.5.3 and earlier TIBCO Spotfire Professional 7.0.0 and 7.0.1 TIBCO Spotfire Web Player 6.5.3 and earlier TIBCO Spotfire Web Player 7.0.0 and 7.0.1 Múltiples productos TIBCO son propensos a múltiples vulnerabilidades sin especificar de Cross-Site Scripting (XSS) debido a que fracasan a la hora de sanear entradas proporcionadas por el usuario. Un atacante podría aprovechar estos problemas para ejecutar código script arbitrario en el navegador de un usuario incauto en el contexto del sitio afectado. • https://www.securityfocus.com/bid/95699 https://www.tibco.com//support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3180 • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 50EXPL: 0CVE-2018-5435 – TIBCO Spotfire Product Family Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-5435
The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0. Los componentes TIBCO Spotfire Client y TIBCO Spotfire Web Player Client de TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop y TIBCO Spotfire Desktop Language Packs de TIBCO Software Inc. contienen múltiples vulnerabilidades que podrían permitir la ejecución remota de código. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435 •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5436 – TIBCO Spotfire Server information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2018-5436
The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. El componente del servidor Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene múltiples vulnerabilidades que podrían permitir una divulgación de información, incluyendo las credenciales de usuario y de origen de datos. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •