Lucene search

[email protected]CVE-2018-5436

HistoryJun 27, 2018 - 4:29 p.m.

CVE-2018-5436

2018-06-2716:29:00

CWE-200

[email protected]

web.nvd.nist.gov

tibco

spotfire

server

analytics

aws marketplace

cve-2018-5436

information disclosure

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.

Affected configurations

NVD

Node

tibcospotfire_analytics_platform_for_awsRange≤7.12.0

tibcospotfire_serverRange≤7.8.1

tibcospotfire_serverMatch7.9.0

tibcospotfire_serverMatch7.10.0

tibcospotfire_serverMatch7.11.0

tibcospotfire_serverMatch7.12.0

CPENameOperatorVersion
tibco:spotfire_analytics_platform_for_awstibco spotfire analytics platform for awsle7.12.0
tibco:spotfire_servertibco spotfire serverle7.8.1
tibco:spotfire_servertibco spotfire servereq7.9.0
tibco:spotfire_servertibco spotfire servereq7.10.0
tibco:spotfire_servertibco spotfire servereq7.11.0
tibco:spotfire_servertibco spotfire servereq7.12.0

CPE	Name	Operator	Version
tibco:spotfire_analytics_platform_for_aws	tibco spotfire analytics platform for aws	le	7.12.0
tibco:spotfire_server	tibco spotfire server	le	7.8.1
tibco:spotfire_server	tibco spotfire server	eq	7.9.0
tibco:spotfire_server	tibco spotfire server	eq	7.10.0
tibco:spotfire_server	tibco spotfire server	eq	7.11.0
tibco:spotfire_server	tibco spotfire server	eq	7.12.0

CNA Affected

[
  {
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.12.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.8.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.9.0"
      },
      {
        "status": "affected",
        "version": "7.10.0"
      },
      {
        "status": "affected",
        "version": "7.11.0"
      },
      {
        "status": "affected",
        "version": "7.12.0"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.2%

JSON

Related for CVE-2018-5436

cvelist1 prion1 nvd1