RSS   Vulnerabilities for 'Spotfire analytics platform'   RSS

2021-06-29
 
CVE-2021-23275

CWE-269
 

 
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low privileged attacker with local access on some versions of the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from a lack of access restrictions on certain files and/or folders in the installation. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.

 
 
CVE-2021-28830

CWE-269
 

 
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerability that theoretically allows a low privileged attacker with local access on the Windows operating system to insert malicious software. The affected component can be abused to execute the malicious software inserted by the attacker with the elevated privileges of the component. This vulnerability results from the affected component searching for run-time artifacts outside of the installation hierarchy. Affected releases are TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition: versions 1.2.4 and below, TIBCO Enterprise Runtime for R - Server Edition: versions 1.3.0 and 1.3.1, TIBCO Enterprise Runtime for R - Server Edition: versions 1.4.0, 1.5.0, and 1.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.3.0 and below, TIBCO Spotfire Server: versions 10.3.12 and below, TIBCO Spotfire Server: versions 10.4.0, 10.5.0, 10.6.0, 10.6.1, 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, 10.10.1, 10.10.2, 10.10.3, and 10.10.4, TIBCO Spotfire Server: versions 11.0.0, 11.1.0, 11.2.0, and 11.3.0, TIBCO Spotfire Statistics Services: versions 10.3.0 and below, TIBCO Spotfire Statistics Services: versions 10.10.0, 10.10.1, and 10.10.2, and TIBCO Spotfire Statistics Services: versions 11.1.0, 11.2.0, and 11.3.0.

 

 >>> Vendor: Tibco 142 Products
Desktop
Web player
HAWK
Hawk monitoring agent
Runtime agent
Rendezvous
Smart pgm fx
Enterprise message service
Rtworks
Smartsockets rtserver
Administrator
Adapter files z os
Iprocess engine
Rendezvous datasecurity
Rendezvous tx
Substantiation es
Mainframe service tracker
Smartsockets
Activematrix businessworks service engine
Activematrix service bus
Activematrix service grid
Activematrix service performance manager
Activematrix bpm
Silver bpm service
Silver cap service
Activecatalog
Collaborative information manager
Silver businessworks service
Tibbr
Tibbr service
Iprocess workspace
Spotfire analytics server
Spotfire server
Managed file transfer command center
Managed file transfer internet server
Slingshot
Activematrix businessworks
Businessevents
Silver fabric activematrix service grid distribution
Spotfire professional
Web player automation services
Formvine
Spotfire statistics services
Spotfire web player
Silver mobile
Enterprise administrator
Enterprise administrator sdk
Messaging appliance
Analyst
Automation services
Deployment kit
Vault
Silver fabric enabler
Spotfire deployment kit
Activematrix management agent
Activematrix policy agent
Activematrix policy manager
Silver fabric enabler for spotfire webplayer
Spotfire analyst
Spotfire analytics platform for aws
Spotfire automation services
Spotfire desktop
Spotfire desktop language packs
Rendezvous network server
Substation es
Loglogic unity
Enterprise message service appliance
Enterprise message service appliance firmware
Jasperreports server community edition
Jasperreports server for activematrix bpm
Jasperreports server
Jaspersoft for aws with multitenancy
Jaspersoft reporting and analytics for aws
Jasperreports library community edition
Jaspersoft studio for activematrix bpm
Jasperreports professional
Jaspersoft for aws with multi-tenancy
Jasperreports library for activematrix bpm
Jasperreports library
Jaspersoft
Jaspersoft reporting and analytics
Jaspersoft studio
Businessworks process monitor
Datasynapse gridserver manager
Data virtualization
Silver fabric enabler for spotfire web player
Spotfire connectors
Spotfire client
Spotfire web player client
Activematrix businessworks distribution for tibco silver fabric
Statistica server
Activespaces
Messaging - apache kafka distribution - schema repository
Rendezvous for z/linux
Rendezvous for z/os
Silver fabric
Data science for aws
Spotfire data science
Activematrix business process management
Activematrix policy director
See all Products for Vendor Tibco


Copyright 2024, cxsecurity.com

 

Back to Top