CVSS: 9.9EPSS: 0%CPEs: 22EXPL: 0CVE-2020-9408 – TIBCO Spotfire Server Script Trust Problem Exposes Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-9408
11 Mar 2020 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into executing arb... • http://www.tibco.com/services/support/advisories • CWE-276: Incorrect Default Permissions •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2019-17337 – TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17337
17 Dec 2019 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1... • http://www.tibco.com/services/support/advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 18EXPL: 0CVE-2019-17336 – TIBCO Spotfire Web Player Potentially Exposes Credentials For Shared Data Sources
https://notcve.org/view.php?id=CVE-2019-17336
17 Dec 2019 — The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBCO Software I... • http://www.tibco.com/services/support/advisories •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2019-17335 – TIBCO Spotfire Server Exposes User-Specific Cached Data To Others Users
https://notcve.org/view.php?id=CVE-2019-17335
17 Dec 2019 — The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6... • http://www.tibco.com/services/support/advisories •
CVSS: 8.0EPSS: 0%CPEs: 29EXPL: 0CVE-2019-17334 – TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files
https://notcve.org/view.php?id=CVE-2019-17334
17 Dec 2019 — The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has wri... • http://www.tibco.com/services/support/advisories • CWE-276: Incorrect Default Permissions •
CVSS: 9.9EPSS: 3%CPEs: 3EXPL: 0CVE-2019-11211 – TIBCO Enterprise Runtime for R Server Running On Linux With Containerized TERR Service Vulnerable To Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11211
18 Sep 2019 — The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an authenticated user to trigger remote code execution in certain circumstances. When the affected component runs with the containerized TERR service on Linux the host can theoretically be tricked into running malicious code. This issue affects: TIBCO Enterprise Runtime for R - Server Edition version 1.2.0 ... • http://www.tibco.com/services/support/advisories •
CVSS: 10.0EPSS: 3%CPEs: 3EXPL: 0CVE-2019-11210 – TIBCO Enterprise Runtime for R Server Exposes Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-11210
18 Sep 2019 — The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls and remotely execute code using the operating system account hosting the affected component. This issue affects: TIBCO Enterprise Runtime for R - Server Edition versions 1.2.0 and below, and TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.4... • http://www.tibco.com/services/support/advisories •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-11206 – TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks
https://notcve.org/view.php?id=CVE-2019-11206
14 May 2019 — The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10... • http://www.securityfocus.com/bid/108405 •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-11205 – TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2019-11205
14 May 2019 — The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0. El componente Web Server de TIBCO Software Inc. • http://www.securityfocus.com/bid/108384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2018-18812 – TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library
https://notcve.org/view.php?id=CVE-2018-18812
16 Jan 2019 — The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Ser... • http://www.securityfocus.com/bid/106635 • CWE-732: Incorrect Permission Assignment for Critical Resource •