CVE-2018-18812

Name of the Vulnerable Software and Affected Versions TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0 TIBCO Spotfire Server versions up to and including 7.14.0, 10.0.0

Description The Spotfire Library component contains an issue that might fail to restrict users with read-only access from modifying files stored in the Spotfire Library when it is configured to use external storage.

Recommendations For TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, update to a version later than 10.0.0 to resolve the issue. For TIBCO Spotfire Server versions up to and including 7.14.0, update to a version later than 7.14.0 to resolve the issue. For TIBCO Spotfire Server version 10.0.0, update to a version later than 10.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the Spotfire Library when it is configured to use external storage to minimize the risk of exploitation.