The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Advisories
Source ID Title
EUVD EUVD EUVD-2019-7746 The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Fixes

Solution

TIBCO has released updated versions of the affected components which address these issues. TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher TIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: tibco

Published:

Updated: 2024-09-16T20:58:01.616Z

Reserved: 2019-10-07T00:00:00

Link: CVE-2019-17335

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-12-17T21:15:12.300

Modified: 2024-11-21T04:32:06.637

Link: CVE-2019-17335

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.