CVE-2018-5436 - OpenCVE

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Spotfire Analytics Platform For Aws Spotfire Server

Configuration 1 [-]

OR	cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws::::::::
	cpe:2.3:a:tibco:spotfire_server::::::::
	cpe:2.3:a:tibco:spotfire_server:7.9.0:::::::*
	cpe:2.3:a:tibco:spotfire_server:7.10.0:::::::*
	cpe:2.3:a:tibco:spotfire_server:7.11.0:::::::*
	cpe:2.3:a:tibco:spotfire_server:7.12.0:::::::*

No data.

References

Link	Providers
http://www.tibco.com/services/support/advisories
https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2018-06-27T16:00:00Z

Updated: 2024-09-17T01:26:22.747Z

Reserved: 2018-01-12T00:00:00

Link: CVE-2018-5436

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-06-27T16:29:00.397

Modified: 2019-10-09T23:41:21.187

Link: CVE-2018-5436

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.12.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Spotfire Server", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.8.1", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.9.0"}, {"status": "affected", "version": "7.10.0"}, {"status": "affected", "version": "7.11.0"}, {"status": "affected", "version": "7.12.0"}]}], "datePublic": "2018-06-26T00:00:00", "descriptions": [{"lang": "en", "value": "The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to user and data source credentials, and then use those credentials for additional access.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-06-27T15:57:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436"}, {"tags": ["x_refsource_MISC"], "url": "http://www.tibco.com/services/support/advisories"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Server versions 7.8.1 and below update to version 7.8.2 or higher\nTIBCO Spotfire Server version 7.9.0 update to version 7.9.1 or higher\nTIBCO Spotfire Server version 7.10.0 update to version 7.10.1 or higher\nTIBCO Spotfire Server version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Server version 7.12.0 update to version 7.13.0 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO Spotfire Server information disclosure vulnerabilities", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2018-06-26T16:00:00.000Z", "ID": "CVE-2018-5436", "STATE": "PUBLIC", "TITLE": "TIBCO Spotfire Server information disclosure vulnerabilities"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.12.0"}]}}, {"product_name": "TIBCO Spotfire Server", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.8.1"}, {"affected": "=", "version_affected": "=", "version_value": "7.9.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.10.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.11.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.12.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the theoretical possibly that an authenticated user could gain access to user and data source credentials, and then use those credentials for additional access."}]}]}, "references": {"reference_data": [{"name": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436", "refsource": "CONFIRM", "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436"}, {"name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.12.0 and below update to version 7.13.0 or higher\nTIBCO Spotfire Server versions 7.8.1 and below update to version 7.8.2 or higher\nTIBCO Spotfire Server version 7.9.0 update to version 7.9.1 or higher\nTIBCO Spotfire Server version 7.10.0 update to version 7.10.1 or higher\nTIBCO Spotfire Server version 7.11.0 update to version 7.11.1 or higher\nTIBCO Spotfire Server version 7.12.0 update to version 7.13.0 or higher"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:33:44.366Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2018-5436", "datePublished": "2018-06-27T16:00:00Z", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-09-17T01:26:22.747Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*", "matchCriteriaId": "07EB5484-D457-4782-B573-874F81C5706B", "versionEndIncluding": "7.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1B19965-8AA4-4B43-99CE-E6CB51D28F92", "versionEndIncluding": "7.8.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7B0EE413-BB3F-4C9A-89CA-C6CFC6361DA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D1C81503-B351-477A-9E19-F2A894B47B3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "F60AE38F-9603-47B1-9451-6A9B9D8FC065", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0."}, {"lang": "es", "value": "El componente del servidor Spotfire de TIBCO Spotfire Analytics Platform for AWS Marketplace y TIBCO Spotfire Server, de TIBCO Software Inc., contiene m\u00faltiples vulnerabilidades que podr\u00edan permitir una divulgaci\u00f3n de informaci\u00f3n, incluyendo las credenciales de usuario y de origen de datos. Las versiones afectadas de los productos de TIBCO Software Inc.son TIBCO Spotfire Analytics Platform for AWS Marketplace: versiones hasta e incluyendo la 7.12.0 y TIBCO Spotfire Server: versiones hasta e incluyendo las 7.8.1, 7.9.0, 7.10.0, 7.11.0 y la 7.12.0."}], "id": "CVE-2018-5436", "lastModified": "2019-10-09T23:41:21.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2018-06-27T16:29:00.397", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}