{"containers": {"cna": {"affected": [{"product": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "vendor": "TIBCO Software Inc.", "versions": [{"status": "affected", "version": "10.6.0"}]}, {"product": "TIBCO Spotfire Server", "vendor": "TIBCO Software Inc.", "versions": [{"lessThanOrEqual": "7.11.7", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"status": "affected", "version": "7.12.0"}, {"status": "affected", "version": "7.13.0"}, {"status": "affected", "version": "7.14.0"}, {"status": "affected", "version": "10.0.0"}, {"status": "affected", "version": "10.0.1"}, {"status": "affected", "version": "10.1.0"}, {"status": "affected", "version": "10.2.0"}, {"status": "affected", "version": "10.2.1"}, {"status": "affected", "version": "10.3.0"}, {"status": "affected", "version": "10.3.1"}, {"status": "affected", "version": "10.3.2"}, {"status": "affected", "version": "10.3.3"}, {"status": "affected", "version": "10.3.4"}, {"status": "affected", "version": "10.4.0"}, {"status": "affected", "version": "10.5.0"}, {"status": "affected", "version": "10.6.0"}]}], "datePublic": "2019-12-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-12-17T20:55:18", "orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"}], "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"}], "source": {"discovery": "INTERNAL"}, "title": "TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@tibco.com", "DATE_PUBLIC": "2019-12-17T17:00:00Z", "ID": "CVE-2019-17337", "STATE": "PUBLIC", "TITLE": "TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace", "version": {"version_data": [{"version_affected": "=", "version_value": "10.6.0"}]}}, {"product_name": "TIBCO Spotfire Server", "version": {"version_data": [{"version_affected": "<=", "version_value": "7.11.7"}, {"version_affected": "=", "version_value": "7.12.0"}, {"version_affected": "=", "version_value": "7.13.0"}, {"version_affected": "=", "version_value": "7.14.0"}, {"version_affected": "=", "version_value": "10.0.0"}, {"version_affected": "=", "version_value": "10.0.1"}, {"version_affected": "=", "version_value": "10.1.0"}, {"version_affected": "=", "version_value": "10.2.0"}, {"version_affected": "=", "version_value": "10.2.1"}, {"version_affected": "=", "version_value": "10.3.0"}, {"version_affected": "=", "version_value": "10.3.1"}, {"version_affected": "=", "version_value": "10.3.2"}, {"version_affected": "=", "version_value": "10.3.3"}, {"version_affected": "=", "version_value": "10.3.4"}, {"version_affected": "=", "version_value": "10.4.0"}, {"version_affected": "=", "version_value": "10.5.0"}, {"version_affected": "=", "version_value": "10.6.0"}]}}]}, "vendor_name": "TIBCO Software Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component."}]}]}, "references": {"reference_data": [{"name": "http://www.tibco.com/services/support/advisories", "refsource": "MISC", "url": "http://www.tibco.com/services/support/advisories"}, {"name": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337", "refsource": "MISC", "url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"}]}, "solution": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher\nTIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher\nTIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher"}], "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:40:14.494Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.tibco.com/services/support/advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"}]}]}, "cveMetadata": {"assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "cveId": "CVE-2019-17337", "datePublished": "2019-12-17T20:55:18.595101Z", "dateReserved": "2019-10-07T00:00:00", "dateUpdated": "2024-09-16T21:02:56.222Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "74725E74-1940-4DD4-ABC2-C417CE911A83", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "62BF3477-0361-4F52-B900-BFC093EA911E", "versionEndIncluding": "7.11.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F59A46F-9E34-4354-AB7D-73A253014BA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "97B691A6-B273-4880-AD61-53169C4C3CEC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:7.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "47E57AE2-D98C-4231-9E56-A5EE8B5BC0AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "933FA68E-688B-40E6-A49B-952C3CC7123C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "55C0068C-761E-4B11-9FB3-D1F038B789D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5C854AEB-1870-4AC1-828C-BCDA9EC92956", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "F5203DA4-7F5D-4221-9CC0-00FE30B6F388", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "62045408-6021-44AB-80DA-92D22D373F47", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "121DE084-9E95-4768-872B-16B12DC421BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "11F3CAA3-510B-400B-927E-8BEBB6DEFC9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B75EF05E-A26B-4DAA-8550-80119A12149A", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "6C6CF19F-CD9D-4174-B6D0-EE65DACCF8EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "107D36D1-83C9-463E-B87D-B6CA67381EE8", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "12B0BE70-96A5-40BA-B990-5C831EB2B043", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "2886371B-CDE7-4352-8F94-5455A6C0B59B", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:spotfire_server:10.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5413400F-1A04-4340-B75A-9BFE1BD3FEC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0."}, {"lang": "es", "value": "El componente de la biblioteca de Spotfire de TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform para AWS Marketplace y TIBCO Spotfire Server, contiene una vulnerabilidad que te\u00f3ricamente permite a un atacante realizar un ataque de tipo cross-site scripting (XSS) reflejado. Las versiones afectadas son TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform para AWS Marketplace: versi\u00f3n 10.6.0 y TIBCO Spotfire Server: versiones 7.11.7 y por debajo , versiones 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3 y 10.3.4, versiones 10.4.0, 10.5.0 y 10.6.0 ."}], "id": "CVE-2019-17337", "lastModified": "2019-12-20T19:56:11.953", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@tibco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-17T21:15:12.507", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "http://www.tibco.com/services/support/advisories"}, {"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}