Vulnerability CVE-2012-0690
Published: 2012-03-13

Description:
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.

Type:

CWE-200

 (Information Exposure)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Tibco -> Spotfire analytics server 
Tibco -> Spotfire professional 
Tibco -> Spotfire server 
Tibco -> Web player automation services 

 References:
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt
Copyright 2024, cxsecurity.com

 

Back to Top