{"containers": {"cna": {"affected": [{"product": "TIBCO Spotfire Analyst", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.8.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.9.0"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.10.0"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.11.0"}, {"status": "affected", "version": "7.12.0"}]}, {"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.12.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Spotfire Deployment Kit", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.8.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.9.0"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.10.0"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.11.0"}, {"status": "affected", "version": "7.12.0"}]}, {"product": "TIBCO Spotfire Desktop", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.8.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.9.0"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.10.0"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.11.0"}, {"status": "affected", "version": "7.12.0"}]}, {"product": "TIBCO Spotfire Desktop Language Packs", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.8.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.9.0"}, {"status": "affected", "version": "7.9.1"}, {"status": "affected", "version": "7.10.0"}, {"status": "affected", "version": "7.10.1"}, {"status": "affected", "version": "7.11.0"}]}], "datePublic": "2018-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-29T15:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO Spotfire Product Family Remote Code Execution Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-06-26T16:00:00.000Z", "ID": "CVE-2018-5435", "STATE": "PUBLIC", "TITLE": "TIBCO Spotfire Product Family Remote Code Execution Vulnerability", "UPDATED": "2018-06-28T18:00:00.000Z"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Spotfire Analyst", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.8.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.11.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.12.0"}]}}, {"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.12.0"}]}}, {"product_name": "TIBCO Spotfire Deployment Kit", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.8.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.11.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.12.0"}]}}, {"product_name": "TIBCO Spotfire Desktop", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.8.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.11.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.12.0"}]}}, {"product_name": "TIBCO Spotfire Desktop Language Packs", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.8.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.11.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the theoretical possibility that an unprivileged remote attacker could execute code with the privileges of the user account running the affected component."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analyst versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Analyst versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Analyst versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Analyst version 7.11.0 update to version 7.11.1\nTIBCO Spotfire Analyst version 7.12.0 update to version 7.13.0\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Deployment Kit versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Deployment Kit versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Deployment Kit versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Deployment Kit version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Deployment Kit version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Desktop version 7.12.0 update to version 7.13.0 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.8.0 and below update to version 7.8.1 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.9.0 and 7.9.1 update to version 7.9.2 or higher\nTIBCO Spotfire Desktop Language Packs versions 7.10.0 and 7.10.1 update to version 7.10.2 or higher\nTIBCO Spotfire Desktop Language Packs version 7.11.0 update to version 7.11.1 or higher"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.385Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2018-5435", "datePublished": "2018-06-27T16:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-16T19:51:48.227Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*", "matchCriteriaId": "10715379-262A-4BF6-81C1-E83EDFD0997D", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F156A08E-4322-4709-AB55-729DD88750C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1D9BA58-24CC-49B0-9AAC-B5282739148F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A523064-C669-4E54-8144-028E67B9E101", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE7860A0-9D92-4A36-82EE-652D259C82CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "807C6E14-4BA0-451D-BD58-60EA49693B19", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9421F962-9DF2-47FC-A0D7-C90E6E2D0792", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*", "matchCriteriaId": "07EB5484-D457-4782-B573-874F81C5706B", "versionEndIncluding": "7.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "9339756F-D9E7-4C81-902B-A89508751623", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "707FD8E7-1D94-487A-9969-C2A24EB0B0CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1202BCD2-88B8-4C01-B847-0B62395C9E73", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CE0D2-2BD8-43D6-AEC6-0FF8A0172D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B4E3F39-B72D-4E61-B7A8-B0A9058615B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7AA90E0-E644-4D57-94F8-D3CE47259286", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B8CBAA0-9B0D-4C16-A9AD-4DD94D70E979", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB2A8693-7280-438B-A8C4-CA8FCB81BEEB", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "242536E9-B5D5-4C28-AC6C-367E596B042E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "151FA030-E1DC-4557-A796-0F700D0FE322", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "941B4BFF-B9C0-49E8-9799-EA3C607DC2EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4FACDF7-464C-45D7-9C52-C773DDFEB695", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFD0D0AA-B286-4494-B55C-C46B9C7DA373", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "031D605C-66FE-40BC-B73C-D122944DBF08", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C93DB13-7E0B-4260-875F-8EC71BA10E4B", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "6F6DB39B-3E4D-4BFB-8232-72EA87C7D156", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "2CC33387-D15B-4C9A-86E1-2E0A0B490B6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "21E52981-102A-4F56-BBE1-328FF63CD05F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "1CD9867D-EEF9-4228-9B2A-06449813DD1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B43A6213-F9B4-4CBC-A34D-A67648DE0F54", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analyst:*:*:*:*:*:*:*:*", "matchCriteriaId": "10715379-262A-4BF6-81C1-E83EDFD0997D", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "F156A08E-4322-4709-AB55-729DD88750C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "A1D9BA58-24CC-49B0-9AAC-B5282739148F", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "3A523064-C669-4E54-8144-028E67B9E101", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE7860A0-9D92-4A36-82EE-652D259C82CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "807C6E14-4BA0-451D-BD58-60EA49693B19", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_analyst:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9421F962-9DF2-47FC-A0D7-C90E6E2D0792", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*", "matchCriteriaId": "07EB5484-D457-4782-B573-874F81C5706B", "versionEndIncluding": "7.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*", "matchCriteriaId": "9339756F-D9E7-4C81-902B-A89508751623", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "707FD8E7-1D94-487A-9969-C2A24EB0B0CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "1202BCD2-88B8-4C01-B847-0B62395C9E73", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD8CE0D2-2BD8-43D6-AEC6-0FF8A0172D2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B4E3F39-B72D-4E61-B7A8-B0A9058615B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7AA90E0-E644-4D57-94F8-D3CE47259286", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_deployment_kit:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B8CBAA0-9B0D-4C16-A9AD-4DD94D70E979", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB2A8693-7280-438B-A8C4-CA8FCB81BEEB", "versionEndIncluding": "7.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "242536E9-B5D5-4C28-AC6C-367E596B042E", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "151FA030-E1DC-4557-A796-0F700D0FE322", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "941B4BFF-B9C0-49E8-9799-EA3C607DC2EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4FACDF7-464C-45D7-9C52-C773DDFEB695", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "AFD0D0AA-B286-4494-B55C-C46B9C7DA373", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_desktop:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "031D605C-66FE-40BC-B73C-D122944DBF08", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Deployment Kit: versions up to and including 7.8.0; 7.9.0;7.9.1;7.10.0;7.10.1;7.11.0; 7.12.0, TIBCO Spotfire Desktop: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0;7.12.0, TIBCO Spotfire Desktop Language Packs: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0."}, {"lang": "es", "value": "Los componentes TIBCO Spotfire Client y TIBCO Spotfire Web Player Client de TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop y TIBCO Spotfire Desktop Language Packs de TIBCO Software Inc. contienen m\u00faltiples vulnerabilidades que podr\u00edan permitir la ejecuci\u00f3n remota de c\u00f3digo. Las versiones afectadas son TIBCO Spotfire Analyst hasta las versiones (inclusives) 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0 y 7.12.0, TIBCO Spotfire Analytics Platform for AWS Marketplace hasta las versi\u00f3n (inclusive) 7.12.0, TIBCO Spotfire Deployment Kit hasta las versiones (inclusives) 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0 y 7.12.0, TIBCO Spotfire Desktop hasta las versiones (inclusives) 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0 y 7.12.0 y TIBCO Spotfire Desktop Language Pack hasta las versiones (inclusives) 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1 y 7.11.0 de TIBCO Software Inc."}], "id": "CVE-2018-5435", "lastModified": "2019-10-09T23:41:20.987", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2018-06-27T16:29:00.347", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}