PT-2017-16558 · Tibco · Tibco Spotfire Analytics Platform For Aws Marketplace+1
Published
2017-05-09
·
Updated
2017-05-23
·
CVE-2017-5527
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
TIBCO Spotfire Server versions 7.0.0 through 7.0.1
TIBCO Spotfire Server versions 7.5.0 through 7.5.0
TIBCO Spotfire Server versions 7.6.0 through 7.6.0
TIBCO Spotfire Server versions 7.7.0 through 7.7.0
TIBCO Spotfire Server versions 7.8.0 through 7.8.0
Spotfire Analytics Platform for AWS Marketplace version 7.8.0
Description
The issue allows authorized users to perform SQL injection attacks.
Recommendations
For TIBCO Spotfire Server versions 7.0.0 through 7.0.1, update to version 7.0.2 or later.
For TIBCO Spotfire Server versions 7.5.0 through 7.5.0, update to version 7.5.1 or later.
For TIBCO Spotfire Server versions 7.6.0 through 7.6.0, update to version 7.6.1 or later.
For TIBCO Spotfire Server versions 7.7.0 through 7.7.0, update to version 7.7.1 or later.
For TIBCO Spotfire Server versions 7.8.0 through 7.8.0, update to version 7.8.1 or later.
For Spotfire Analytics Platform for AWS Marketplace version 7.8.0, update to a version later than 7.8.0.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Server