TIBCO Spotfire Web Player vulnerabilities

2015.07.22
Credit: tibco
Risk: High
Local: No
Remote: Yes
CWE: N/A


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

TIBCO Spotfire Web Player vulnerabilities

Original release date: July 15, 2015
Last revised: --
Source: TIBCO Software Inc.

Systems Affected

  TIBCO Spotfire Analyst 5.5.1 and earlier
  TIBCO Spotfire Analyst 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Analyst 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Analyst 7.0.0
  TIBCO Spotfire Analytics Platform for AWS version 6.5
  TIBCO Spotfire Analytics Platform for AWS version 7.0.0
  TIBCO Spotfire Automation Services 5.5.1 and earlier
  TIBCO Spotfire Automation Services 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Automation Services 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Automation Services 7.0.0
  TIBCO Spotfire Deployment Kit 5.5.1 and earlier
  TIBCO Spotfire Deployment Kit 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Deployment Kit 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Deployment Kit 7.0.0
  TIBCO Spotfire Desktop 6.5.1 and earlier
  TIBCO Spotfire Desktop version 7.0.0
  TIBCO Spotfire Desktop Language Packs version 7.0.0
  TIBCO Spotfire Professional 5.5.1 and earlier
  TIBCO Spotfire Professional 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Professional 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Professional 7.0.0
  TIBCO Spotfire Web Player 5.5.1 and earlier
  TIBCO Spotfire Web Player 6.0.0, 6.0.1, and 6.0.2
  TIBCO Spotfire Web Player 6.5.0, 6.5.1, and 6.5.2
  TIBCO Spotfire Web Player 7.0.0
  TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.0 and earlier

  The following components are affected:

  * TIBCO Spotfire Client
  * TIBCO Spotfire Web Player Client

Description

  The TIBCO Spotfire components listed above contain critical
  vulnerabilities which could allow information disclosure or arbitrary
  code execution.

  TIBCO has released updated versions of the affected software products
  which address these issues. TIBCO strongly recommends sites running the
  affected components install the applicable update as described below.

Impact

  The impact of this vulnerability may include unprivileged information
  disclosure and arbitrary code execution.

  CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Solution

  For each affected system, update to the corresponding software versions:

  TIBCO Spotfire Analyst 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Analyst 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Analyst 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Analyst version 7.0.1 or higher
  TIBCO Spotfire Analytics Platform for AWS version 7.0.1 or higher
  TIBCO Spotfire Automation Services 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Automation Services 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Automation Services 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Automation Services version 7.0.1 or higher
  TIBCO Spotfire Deployment Kit 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Deployment Kit 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Deployment Kit 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Deployment Kit version 7.0.1 or higher
  TIBCO Spotfire Desktop 6.5.X version 6.5.2 or higher
  TIBCO Spotfire Desktop version 7.0.1 or higher
  TIBCO Spotfire Desktop Language Packs version 7.0.1 or higher
  TIBCO Spotfire Professional 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Professional 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Professional 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Professional version 7.0.1 or higher
  TIBCO Spotfire Web Player 5.5.X version 5.5.2 or higher
  TIBCO Spotfire Web Player 6.0.X version 6.0.3 or higher
  TIBCO Spotfire Web Player 6.5.X version 6.5.3 or higher
  TIBCO Spotfire Web Player version 7.0.1 or higher
  TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.1 or higher

References

  http://www.tibco.com/mk/advisory.jsp
  CVE: CVE-2015-4554

References:

http://www.tibco.com/mk/advisory.jsp
http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt

