{"containers": {"cna": {"affected": [{"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "10.2.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "TIBCO Spotfire Server", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.11.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.12.0"}, {"status": "affected", "version": "7.13.0"}, {"status": "affected", "version": "7.14.0"}, {"status": "affected", "version": "10.0.0"}, {"status": "affected", "version": "10.0.1"}, {"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.2.0"}]}], "datePublic": "2019-05-14T00:00:00", "descriptions": [{"lang": "en", "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-22T07:06:01", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"}, {"name": "108405", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108405"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"}], "source": {"discovery": "USER"}, "title": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2019-05-14T16:00:00.000Z", "ID": "CVE-2019-11206", "STATE": "PUBLIC", "TITLE": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "10.2.0"}]}}, {"product_name": "TIBCO Spotfire Server", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "7.11.2"}, {"affected": "=", "version_affected": "=", "version_value": "7.12.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.13.0"}, {"affected": "=", "version_affected": "=", "version_value": "7.14.0"}, {"affected": "=", "version_affected": "=", "version_value": "10.0.0"}, {"affected": "=", "version_affected": "=", "version_value": "10.0.1"}, {"affected": "=", "version_affected": "=", "version_value": "10.1.0"}, {"affected": "=", "version_affected": "=", "version_value": "10.2.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206", "refsource": "MISC", "url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"}, {"name": "108405", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108405"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"}], "source": {"discovery": "USER"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:48:09.021Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"}, {"name": "108405", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108405"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-11206", "datePublished": "2019-05-14T19:57:29.852145Z", "dateReserved": "2019-04-12T00:00:00", "dateUpdated": "2024-09-16T18:13:40.717Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*", "matchCriteriaId": "E663B6CD-B55A-413D-9FCA-A68B53E98D43", "versionEndIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE197B05-3C6D-42FF-920D-EF3F72F319E0", "versionEndIncluding": "7.11.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."}, {"lang": "es", "value": "El componente Spotfire library de TIBCO Software Inc. TIBCO Spotfire Analytics Platform para AWS Marketplace, y TIBCO Spotfire Server contiene vulnerabilidades que te\u00f3ricamente permiten que un usuario malicioso socave la integridad de los comentarios y marcadores. Las versiones afectadas son la plataforma de an\u00e1lisis TIBCO Spotfire de TIBCO Software Inc. para AWS Marketplace: la versi\u00f3n 10.2.0, y TIBCO Spotfire Server: la versi\u00f3n 7.11.2; versi\u00f3n 7.12.0; versi\u00f3n 7.13.0; versi\u00f3n 7.14.0; versi\u00f3n10.0.0; versi\u00f3n 10.0.1; versi\u00f3n 10.1.0; y versi\u00f3n 10.2.0."}], "id": "CVE-2019-11206", "lastModified": "2023-01-30T18:58:12.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@tibco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-14T20:29:03.090", "references": [{"source": "security@tibco.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108405"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}