PT-2018-7240 · Tibco · Tibco Spotfire Desktop Language Packs+7

Published: 2018-07-24 · Updated: 2019-10-09 · CVE-2017-3181
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
TIBCO Spotfire Analyst version 7.7.0
TIBCO Spotfire Connectors version 7.6.0
TIBCO Spotfire Deployment Kit version 7.7.0
TIBCO Spotfire Desktop versions 7.6.0 through 7.7.0
TIBCO Spotfire Desktop Developer Edition version 7.7.0
TIBCO Spotfire Desktop Language Packs versions 7.6.0 through 7.7.0
Description: The issue arises from the failure to properly sanitize user-supplied input before using it in an SQL query, leading to SQL-injection vulnerabilities. This could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Recommendations: Update each of the following to a version that properly sanitizes user input:
TIBCO Spotfire Analyst version 7.7.0
TIBCO Spotfire Connectors version 7.6.0
TIBCO Spotfire Deployment Kit version 7.7.0
TIBCO Spotfire Desktop versions 7.6.0 through 7.7.0
TIBCO Spotfire Desktop Developer Edition version 7.7.0
TIBCO Spotfire Desktop Language Packs versions 7.6.0 through 7.7.0
As a temporary workaround, consider restricting access to the TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2017-3181

Affected Products

Tibco Spotfire Analyst
Tibco Spotfire Client
Tibco Spotfire Connectors
Tibco Spotfire Deployment Kit
Tibco Spotfire Desktop
Tibco Spotfire Desktop Developer Edition
Tibco Spotfire Desktop Language Packs
Tibco Spotfire Web Player Client