PT-2018-7239 · Tibco · Tibco Spotfire Analytics Platform For Aws Marketplace (+10 other affected products)

Published: 2018-07-24 · Updated: 2019-10-09 · CVE-2017-3180

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
TIBCO Silver Fabric Enabler for Spotfire Web Player versions 2.1.2 and earlier
TIBCO Spotfire Analyst versions 7.5.0 through 7.7.0
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.0.2 and earlier
TIBCO Spotfire Automation Services versions 6.5.3 and earlier, 7.0.0, and 7.0.1
TIBCO Spotfire Connectors version 7.6.0
TIBCO Spotfire Deployment Kit versions 6.5.3 and earlier, 7.0.0, 7.0.1, 7.5.0, 7.6.0, 7.7.0
TIBCO Spotfire Desktop versions 6.5.2 and earlier, 7.0.0, 7.0.1, 7.5.0, 7.6.0, 7.7.0
TIBCO Spotfire Desktop Developer Edition version 7.7.0
TIBCO Spotfire Desktop Language Packs versions 7.0.1 and earlier, 7.5.0, 7.6.0, 7.7.0
TIBCO Spotfire Professional versions 6.5.3 and earlier, 7.0.0, and 7.0.1
TIBCO Spotfire Web Player versions 6.5.3 and earlier, 7.0.0, and 7.0.1
Description: The issue arises from the failure to properly sanitize user-supplied input, leading to multiple unspecified cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user, potentially stealing cookie-based authentication credentials and launching other attacks.
Recommendations:
For TIBCO Silver Fabric Enabler for Spotfire Web Player versions 2.1.2 and earlier, update to a version later than 2.1.2.
For TIBCO Spotfire Analyst versions 7.5.0 through 7.7.0, update to a version later than 7.7.0.
For TIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.0.2 and earlier, update to a version later than 7.0.2.
For TIBCO Spotfire Automation Services versions 6.5.3 and earlier, 7.0.0, and 7.0.1, update to a version later than 7.0.1.
For TIBCO Spotfire Connectors version 7.6.0, update to a version later than 7.6.0.
For TIBCO Spotfire Deployment Kit versions 6.5.3 and earlier, 7.0.0, 7.0.1, 7.5.0, 7.6.0, 7.7.0, update to a version later than 7.7.0.
For TIBCO Spotfire Desktop versions 6.5.2 and earlier, 7.0.0, 7.0.1, 7.5.0, 7.6.0, 7.7.0, update to a version later than 7.7.0.
For TIBCO Spotfire Desktop Developer Edition version 7.7.0, update to a version later than 7.7.0.
For TIBCO Spotfire Desktop Language Packs versions 7.0.1 and earlier, 7.5.0, 7.6.0, 7.7.0, update to a version later than 7.7.0.
For TIBCO Spotfire Professional versions 6.5.3 and earlier, 7.0.0, and 7.0.1, update to a version later than 7.0.1.
For TIBCO Spotfire Web Player versions 6.5.3 and earlier, 7.0.0, and 7.0.1, update to a version later than 7.0.1.
As a temporary workaround, consider restricting user input to minimize the risk of exploitation.
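The description above attributes the issue to user-supplied input that is not properly sanitized before it reaches the browser. The following is an added example, not code from the advisory or from the TIBCO products: it places the defective rendering pattern (untrusted text concatenated straight into markup) beside a hardened version that applies HTML entity encoding, and includes a small oracle a test suite can use to confirm that encoded output introduces no tags of its own. The template, function names and sample input are constructed for illustration.

```javascript
// Added example (not from the advisory or the vendor): the defect class described
// on the page beside the defensive fix. Names and sample input are constructed.

// Characters that are significant in an HTML text node or quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value so it is rendered as literal text, never parsed as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the untrusted value becomes part of the HTML being parsed,
// so any markup it contains is interpreted by the browser.
function renderUnsafe(userName) {
  return `<p>Welcome, ${userName}</p>`;
}

// Hardened pattern: identical template, but the untrusted value is encoded at the
// point where it enters the HTML text context.
function renderSafe(userName) {
  return `<p>Welcome, ${escapeHtml(userName)}</p>`;
}

// Test oracle: number of tag openers in a fragment. For the template above the
// only legitimate tags are <p> and </p>, so the count must stay at 2 regardless
// of what the untrusted value contains.
function countTags(html) {
  return (html.match(/</g) || []).length;
}

// Constructed sample input containing markup and characters that need encoding.
const SAMPLE_INPUT = 'Alice <b>& "co"</b>';

console.log("unsafe:", renderUnsafe(SAMPLE_INPUT), "tags:", countTags(renderUnsafe(SAMPLE_INPUT)));
console.log("safe:  ", renderSafe(SAMPLE_INPUT), "tags:", countTags(renderSafe(SAMPLE_INPUT)));
```

The encoding is context-specific: this routine is correct for HTML text and quoted attribute values only; a value placed inside a script block, a URL, or a CSS property needs the encoder for that context instead. Input filtering (the advisory's suggested workaround) reduces exposure but is not a substitute for output encoding at the rendering site.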

Tags: Fix · RCE · XSS


Weakness Enumeration

Related Identifiers

CVE-2017-3180

Affected Products

Silver Fabric Enabler For Spotfire Web Player
Tibco Spotfire Analyst
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Automation Services
Tibco Spotfire Connectors
Tibco Spotfire Deployment Kit
Tibco Spotfire Desktop
Tibco Spotfire Desktop Developer Edition
Tibco Spotfire Desktop Language Packs
Tibco Spotfire Professional
Tibco Spotfire Web Player