Page 4 of 24 results (0.004 seconds)

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 0

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. Spotfire Server versiones 7.0.X y anteriores a 7.0.2, versiones 7.5.x y anteriores a 7.5.1, versiones 7.6.x y anteriores a 7.6.1, versiones 7.7.x y anteriores a 7.7.1, y las versiones 7.8.x y anteriores a 7.8.1, y Spotfire Analytics Platform versión 7.8.0 y anteriores, de TIBCO para AWS Marketplace, contienen varias vulnerabilidades que pueden permitir a los usuarios autorizados realizar ataques de inyección SQL. • http://www.securityfocus.com/bid/98398 http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL. Spotfire Parsing Library y Spotfire Security Filter en TIBCO Spotfire Server 5.5.x en versiones anteriores a 5.5.4, 6.0.x en versiones anteriores a 6.0.5, 6.5.x en versiones anteriores a 6.5.4 y 7.0.x en versiones anteriores a 7.0.1 y Spotfire Analytics Platform en versiones anteriores a 7.0.2 para AWS Marketplace permiten a atacantes remotos obtener información de log sensible visitando una URL no especificada. • http://www.securitytracker.com/id/1034011 http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL. Spotfire Parsing Library y Spotfire Security Filter en TIBCO Spotfire Server 5.5.x en versiones anteriores a 5.5.4, 6.0.x en versiones anteriores a 6.0.5, 6.5.x en versiones anteriores a 6.5.4 y 7.0.x en versiones anteriores a 7.0.1 y Spotfire Analytics Platform en versiones anteriores a 7.0.2 para AWS Marketplace permiten a usuarios remotos autenticados obtener información de sistema sensible visitando una URL no especificada. • http://www.securitytracker.com/id/1034011 http://www.tibco.com/assets/blt3a3a55ab42f2f5cd/2015-004-advisory.txt http://www.tibco.com/mk/advisory.jsp • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0

Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors. Vulnerabilidad no especificada en el módulo de la autenticación en TIBCO Spotfire Server anterior a 4.5.2, 5.0.x anterior a 5.0.3, 5.5.x anterior a 5.5.2, 6.0.x anterior a 6.0.3, y 6.5.x anterior a 6.5.1 permite a atacantes remotos ganar privilegios, y obtener información sensible o modificar datos, a través de vectores desconocidos. • http://www.tibco.com/assets/bltdb348db4de625c6f/2014-006-Spotfire-advisory-cm-including3.X_v4.txt http://www.tibco.com/mk/advisory.jsp •

CVSS: 7.5EPSS: 1%CPEs: 37EXPL: 0

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en Spotfire Web Player Engine, Spotfire Desktop y el módulo de autenticación de servidor de Spotfire en TIBCO Spotfire Server 3.3.x anterior a 3.3.4, 4.5.x anterior a 4.5.1, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.2; Spotfire Professional 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Web Player 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Automation Services 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Deployment Kit 4.0.x anterior a 4.0.4, 4.5.x anterior a 4.5.2, 5.0.x anterior a 5.0.2, 5.5.x anterior a 5.5.1 y 6.x anterior a 6.0.1; Spotfire Desktop 6.x anterior a 6.0.1 y Spotfire Analyst 6.x anterior a 6.0.1 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www.tibco.com/mk/advisory.jsp http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt •