TIBCO Spotfire Web Player vulnerabilities Original release date: July 15, 2015 Last revised: -- Source: TIBCO Software Inc. Systems Affected TIBCO Spotfire Analyst 5.5.1 and earlier TIBCO Spotfire Analyst 6.0.0, 6.0.1, and 6.0.2 TIBCO Spotfire Analyst 6.5.0, 6.5.1, and 6.5.2 TIBCO Spotfire Analyst 7.0.0 TIBCO Spotfire Analytics Platform for AWS version 6.5 TIBCO Spotfire Analytics Platform for AWS version 7.0.0 TIBCO Spotfire Automation Services 5.5.1 and earlier TIBCO Spotfire Automation Services 6.0.0, 6.0.1, and 6.0.2 TIBCO Spotfire Automation Services 6.5.0, 6.5.1, and 6.5.2 TIBCO Spotfire Automation Services 7.0.0 TIBCO Spotfire Deployment Kit 5.5.1 and earlier TIBCO Spotfire Deployment Kit 6.0.0, 6.0.1, and 6.0.2 TIBCO Spotfire Deployment Kit 6.5.0, 6.5.1, and 6.5.2 TIBCO Spotfire Deployment Kit 7.0.0 TIBCO Spotfire Desktop 6.5.1 and earlier TIBCO Spotfire Desktop version 7.0.0 TIBCO Spotfire Desktop Language Packs version 7.0.0 TIBCO Spotfire Professional 5.5.1 and earlier TIBCO Spotfire Professional 6.0.0, 6.0.1, and 6.0.2 TIBCO Spotfire Professional 6.5.0, 6.5.1, and 6.5.2 TIBCO Spotfire Professional 7.0.0 TIBCO Spotfire Web Player 5.5.1 and earlier TIBCO Spotfire Web Player 6.0.0, 6.0.1, and 6.0.2 TIBCO Spotfire Web Player 6.5.0, 6.5.1, and 6.5.2 TIBCO Spotfire Web Player 7.0.0 TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.0 and earlier The following components are affected: * TIBCO Spotfire Client * TIBCO Spotfire Web Player Client Description The TIBCO Spotfire components listed above contain critical vulnerabilities which could allow information disclosure or arbitrary code execution. TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below. Impact The impact of this vulnerability may include unprivileged information disclosure and arbitrary code execution. CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) Solution For each affected system, update to the corresponding software versions: TIBCO Spotfire Analyst 5.5.X version 5.5.2 or higher TIBCO Spotfire Analyst 6.0.X version 6.0.3 or higher TIBCO Spotfire Analyst 6.5.X version 6.5.3 or higher TIBCO Spotfire Analyst version 7.0.1 or higher TIBCO Spotfire Analytics Platform for AWS version 7.0.1 or higher TIBCO Spotfire Automation Services 5.5.X version 5.5.2 or higher TIBCO Spotfire Automation Services 6.0.X version 6.0.3 or higher TIBCO Spotfire Automation Services 6.5.X version 6.5.3 or higher TIBCO Spotfire Automation Services version 7.0.1 or higher TIBCO Spotfire Deployment Kit 5.5.X version 5.5.2 or higher TIBCO Spotfire Deployment Kit 6.0.X version 6.0.3 or higher TIBCO Spotfire Deployment Kit 6.5.X version 6.5.3 or higher TIBCO Spotfire Deployment Kit version 7.0.1 or higher TIBCO Spotfire Desktop 6.5.X version 6.5.2 or higher TIBCO Spotfire Desktop version 7.0.1 or higher TIBCO Spotfire Desktop Language Packs version 7.0.1 or higher TIBCO Spotfire Professional 5.5.X version 5.5.2 or higher TIBCO Spotfire Professional 6.0.X version 6.0.3 or higher TIBCO Spotfire Professional 6.5.X version 6.5.3 or higher TIBCO Spotfire Professional version 7.0.1 or higher TIBCO Spotfire Web Player 5.5.X version 5.5.2 or higher TIBCO Spotfire Web Player 6.0.X version 6.0.3 or higher TIBCO Spotfire Web Player 6.5.X version 6.5.3 or higher TIBCO Spotfire Web Player version 7.0.1 or higher TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.1 or higher References http://www.tibco.com/mk/advisory.jsp CVE: CVE-2015-4554