CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-18814 – TIBCO Spotfire Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2018-18814
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0. El componente de autenticación TIBCO Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene una vulnerabilidad en el manejo de la autenticación que, en teoría, podría permitir que un atacante obtenga acceso total a una cuenta objetivo, independientemente de los mecanismos de autenticación configurados. • http://www.securityfocus.com/bid/106635 http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5436 – TIBCO Spotfire Server information disclosure vulnerabilities
https://notcve.org/view.php?id=CVE-2018-5436
The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0. El componente del servidor Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene múltiples vulnerabilidades que podrían permitir una divulgación de información, incluyendo las credenciales de usuario y de origen de datos. • http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-5527 – TIBCO Spotfire injection vulnerabilities
https://notcve.org/view.php?id=CVE-2017-5527
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spotfire Analytics Platform versión 7.8.0 y anteriores, de TIBCO para AWS Marketplace, contienen varias vulnerabilidades que pueden permitir a los usuarios autorizados realizar ataques de inyección SQL. • http://www.securityfocus.com/bid/98398 http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2015-5712
https://notcve.org/view.php?id=CVE-2015-5712
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. Spotfire Parsing Library y Spotfire Security Filter en TIBCO Spotfire Server 5.5.x en versiones anteriores a 5.5.4, 6.0.x en versiones anteriores a 6.0.5, 6.5.x en versiones anteriores a 6.5.4 y 7.0.x en versiones anteriores a 7.0.1 y Spotfire Analytics Platform en versiones anteriores a 7.0.2 para AWS Marketplace permiten a usuarios remotos autenticados obtener información de sistema sensible visitando una URL no especificada. • http://www.securitytracker.com/id/1034011 http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2015-5713
https://notcve.org/view.php?id=CVE-2015-5713
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. Spotfire Parsing Library y Spotfire Security Filter en TIBCO Spotfire Server 5.5.x en versiones anteriores a 5.5.4, 6.0.x en versiones anteriores a 6.0.5, 6.5.x en versiones anteriores a 6.5.4 y 7.0.x en versiones anteriores a 7.0.1 y Spotfire Analytics Platform en versiones anteriores a 7.0.2 para AWS Marketplace permiten a atacantes remotos obtener información de log sensible visitando una URL no especificada. • http://www.securitytracker.com/id/1034011 http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •