TIBCO Spotfire Web Player vulnerabilities
Original release date: July 15, 2015
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Analyst 5.5.1 and earlier
TIBCO Spotfire Analyst 6.0.0, 6.0.1, and 6.0.2
TIBCO Spotfire Analyst 6.5.0, 6.5.1, and 6.5.2
TIBCO Spotfire Analyst 7.0.0
TIBCO Spotfire Analytics Platform for AWS version 6.5
TIBCO Spotfire Analytics Platform for AWS version 7.0.0
TIBCO Spotfire Automation Services 5.5.1 and earlier
TIBCO Spotfire Automation Services 6.0.0, 6.0.1, and 6.0.2
TIBCO Spotfire Automation Services 6.5.0, 6.5.1, and 6.5.2
TIBCO Spotfire Automation Services 7.0.0
TIBCO Spotfire Deployment Kit 5.5.1 and earlier
TIBCO Spotfire Deployment Kit 6.0.0, 6.0.1, and 6.0.2
TIBCO Spotfire Deployment Kit 6.5.0, 6.5.1, and 6.5.2
TIBCO Spotfire Deployment Kit 7.0.0
TIBCO Spotfire Desktop 6.5.1 and earlier
TIBCO Spotfire Desktop version 7.0.0
TIBCO Spotfire Desktop Language Packs version 7.0.0
TIBCO Spotfire Professional 5.5.1 and earlier
TIBCO Spotfire Professional 6.0.0, 6.0.1, and 6.0.2
TIBCO Spotfire Professional 6.5.0, 6.5.1, and 6.5.2
TIBCO Spotfire Professional 7.0.0
TIBCO Spotfire Web Player 5.5.1 and earlier
TIBCO Spotfire Web Player 6.0.0, 6.0.1, and 6.0.2
TIBCO Spotfire Web Player 6.5.0, 6.5.1, and 6.5.2
TIBCO Spotfire Web Player 7.0.0
TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.0 and earlier
The following components are affected:
* TIBCO Spotfire Client
* TIBCO Spotfire Web Player Client
Description
The TIBCO Spotfire components listed above contain critical vulnerabilities which could allow information disclosure or arbitrary code execution.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
Impact
The impact of this vulnerability may include unprivileged information disclosure and arbitrary code execution.
CVSS v2 Base Score: 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
Solution
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Analyst 5.5.X version 5.5.2 or higher
TIBCO Spotfire Analyst 6.0.X version 6.0.3 or higher
TIBCO Spotfire Analyst 6.5.X version 6.5.3 or higher
TIBCO Spotfire Analyst version 7.0.1 or higher
TIBCO Spotfire Analytics Platform for AWS version 7.0.1 or higher
TIBCO Spotfire Automation Services 5.5.X version 5.5.2 or higher
TIBCO Spotfire Automation Services 6.0.X version 6.0.3 or higher
TIBCO Spotfire Automation Services 6.5.X version 6.5.3 or higher
TIBCO Spotfire Automation Services version 7.0.1 or higher
TIBCO Spotfire Deployment Kit 5.5.X version 5.5.2 or higher
TIBCO Spotfire Deployment Kit 6.0.X version 6.0.3 or higher
TIBCO Spotfire Deployment Kit 6.5.X version 6.5.3 or higher
TIBCO Spotfire Deployment Kit version 7.0.1 or higher
TIBCO Spotfire Desktop 6.5.X version 6.5.2 or higher
TIBCO Spotfire Desktop version 7.0.1 or higher
TIBCO Spotfire Desktop Language Packs version 7.0.1 or higher
TIBCO Spotfire Professional 5.5.X version 5.5.2 or higher
TIBCO Spotfire Professional 6.0.X version 6.0.3 or higher
TIBCO Spotfire Professional 6.5.X version 6.5.3 or higher
TIBCO Spotfire Professional version 7.0.1 or higher
TIBCO Spotfire Web Player 5.5.X version 5.5.2 or higher
TIBCO Spotfire Web Player 6.0.X version 6.0.3 or higher
TIBCO Spotfire Web Player 6.5.X version 6.5.3 or higher
TIBCO Spotfire Web Player version 7.0.1 or higher
TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.1 or higher
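
The version matrix above can be applied to an asset inventory mechanically. The following Python sketch is an added example, not TIBCO code: it covers the product families whose affected and fixed versions are listed by branch (Analyst, Automation Services, Deployment Kit, Professional, Web Player, Desktop) and leaves out the AWS platform, Language Packs and Silver Fabric Enabler entries. The function names, the inventory format and the sample inventory are assumptions made for illustration.

```python
import re

# Minimum fixed release per branch, copied from the Solution list above.
STANDARD = {(5, 5): (5, 5, 2), (6, 0): (6, 0, 3), (6, 5): (6, 5, 3), (7, 0): (7, 0, 1)}
FIXED = {
    "Analyst": STANDARD, "Automation Services": STANDARD,
    "Deployment Kit": STANDARD, "Professional": STANDARD, "Web Player": STANDARD,
    # Desktop is listed with different thresholds: "6.5.1 and earlier" and 7.0.0.
    "Desktop": {(6, 5): (6, 5, 2), (7, 0): (7, 0, 1)},
}

def parse_version(text):
    """'6.0.2' -> (6, 0, 2); missing parts count as 0, build suffixes are ignored."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def triage(product, version_text):
    """Return (affected, minimum_fixed_version or None) for one installation."""
    table = FIXED[product]
    v = parse_version(version_text)
    oldest = min(table)
    if v[:2] < oldest:
        # Covered by "... and earlier"; the advisory names no fix on such branches.
        # Assumption: report the oldest listed fixed release as the minimum target.
        return True, table[oldest]
    fix = table.get(v[:2])
    if fix is None:
        return False, None  # branch is not listed in the advisory
    return (True, fix) if v < fix else (False, None)

def report(inventory):
    """Map (product, version) pairs to (product, version, action) rows."""
    rows = []
    for product, version in inventory:
        affected, fix = triage(product, version)
        action = ("update to %s or higher" % ".".join(map(str, fix))
                  if affected else "not listed as affected")
        rows.append((product, version, action))
    return rows

# Constructed sample inventory, not taken from any real environment.
INVENTORY = [("Web Player", "6.0.2"), ("Web Player", "7.0.1"),
             ("Desktop", "6.5.1"), ("Professional", "5.1.0")]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print("%-14s %-8s %s" % row)
```

A result of "not listed as affected" means only that the version does not match this advisory's lists.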
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2015-4554