Lucene search

[email protected]CVE-2019-17337

HistoryDec 17, 2019 - 9:15 p.m.

CVE-2019-17337

2019-12-1721:15:12

CWE-79

[email protected]

web.nvd.nist.gov

tibco

spotfire

aws marketplace

xss

security vulnerability

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.

Affected configurations

NVD

Node

tibcospotfire_analytics_platform_for_awsMatch10.6.0

tibcospotfire_serverRange≤7.11.7

tibcospotfire_serverMatch7.12.0

tibcospotfire_serverMatch7.13.0

tibcospotfire_serverMatch7.14.0

tibcospotfire_serverMatch10.0.0

tibcospotfire_serverMatch10.0.1

tibcospotfire_serverMatch10.1.0

tibcospotfire_serverMatch10.2.0

tibcospotfire_serverMatch10.2.1

tibcospotfire_serverMatch10.3.0

tibcospotfire_serverMatch10.3.1

tibcospotfire_serverMatch10.3.2

tibcospotfire_serverMatch10.3.3

tibcospotfire_serverMatch10.3.4

tibcospotfire_serverMatch10.4.0

tibcospotfire_serverMatch10.5.0

tibcospotfire_serverMatch10.6.0

CPENameOperatorVersion
tibco:spotfire_analytics_platform_for_awstibco spotfire analytics platform for awseq10.6.0
tibco:spotfire_servertibco spotfire serverle7.11.7
tibco:spotfire_servertibco spotfire servereq7.12.0
tibco:spotfire_servertibco spotfire servereq7.13.0
tibco:spotfire_servertibco spotfire servereq7.14.0
tibco:spotfire_servertibco spotfire servereq10.0.0
tibco:spotfire_servertibco spotfire servereq10.0.1
tibco:spotfire_servertibco spotfire servereq10.1.0
tibco:spotfire_servertibco spotfire servereq10.2.0
tibco:spotfire_servertibco spotfire servereq10.2.1

CPE	Name	Operator	Version
tibco:spotfire_analytics_platform_for_aws	tibco spotfire analytics platform for aws	eq	10.6.0
tibco:spotfire_server	tibco spotfire server	le	7.11.7
tibco:spotfire_server	tibco spotfire server	eq	7.12.0
tibco:spotfire_server	tibco spotfire server	eq	7.13.0
tibco:spotfire_server	tibco spotfire server	eq	7.14.0
tibco:spotfire_server	tibco spotfire server	eq	10.0.0
tibco:spotfire_server	tibco spotfire server	eq	10.0.1
tibco:spotfire_server	tibco spotfire server	eq	10.1.0
tibco:spotfire_server	tibco spotfire server	eq	10.2.0
tibco:spotfire_server	tibco spotfire server	eq	10.2.1

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Server",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.7",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.12.0"
      },
      {
        "status": "affected",
        "version": "7.13.0"
      },
      {
        "status": "affected",
        "version": "7.14.0"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "10.0.1"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.2.0"
      },
      {
        "status": "affected",
        "version": "10.2.1"
      },
      {
        "status": "affected",
        "version": "10.3.0"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      },
      {
        "status": "affected",
        "version": "10.3.2"
      },
      {
        "status": "affected",
        "version": "10.3.3"
      },
      {
        "status": "affected",
        "version": "10.3.4"
      },
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for CVE-2019-17337

cvelist1 symantec1 prion1 nvd1