TIBCO Spotfire Analytics Platform For AWS 7.14.0 Cross Site Scripting Vulnerability

Summary

The web server component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.

Credit:

The information has been provided by Tibco
The original article can be found at: https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205


Details

The component listed above contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks.

The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component.

Vulnerable Systems:

  • Tibco Spotfire Analytics Platform For Aws 7.14.0
  • Tibco Spotfire Analytics Platform For Aws 7.14.1
  • Tibco Spotfire Analytics Platform For Aws 10.0.0
  • Tibco Spotfire Analytics Platform For Aws 10.0.1
  • Tibco Spotfire Analytics Platform For Aws 10.1.0
  • Tibco Spotfire Analytics Platform For Aws 10.2.0
  • Tibco Spotfire Server 7.14.0
  • Tibco Spotfire Server 10.0.0
  • Tibco Spotfire Server 10.0.1
  • Tibco Spotfire Server 10.1.0
  • Tibco Spotfire Server 10.2.0

CVE Information:
CVE-2019-11205

Disclosure Timeline:
Publish Date:05/14/2019