PT-2019-15097 · Tibco · Tibco Spotfire Analytics Platform For Aws Marketplace+1
Published
2019-12-17
·
Updated
2019-12-20
·
CVE-2019-17337
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0
TIBCO Spotfire Server versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.4.0, 10.5.0, and 10.6.0
Description
The Spotfire library component contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack.
Recommendations
For TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0, update to a version that contains a fix for this issue.
For TIBCO Spotfire Server versions 7.11.7 and below, update to a version that contains a fix for this issue.
For TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, 10.3.4, 10.4.0, 10.5.0, and 10.6.0, update to a version that contains a fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Server