PT-2020-20645 · Tibco · Tibco Spotfire Analyst+3
Published
2020-09-15
·
Updated
2020-09-24
·
CVE-2020-9416
CVSS v3.1
8.2
High
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
TIBCO Spotfire Analyst versions 10.7.0 through 10.10.0
TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0 through 10.10.1
TIBCO Spotfire Desktop versions 10.7.0 through 10.10.0
TIBCO Spotfire Server versions 10.7.0 through 10.10.1
Description
The vulnerability in the Spotfire client component allows a legitimate user to inject scripts, which will be executed at the privileges of the victim if the victim is authenticated to the affected system.
Recommendations
For TIBCO Spotfire Analyst versions 10.7.0 through 10.10.0, update to a version that contains a fix for this issue.
For TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0 through 10.10.1, update to a version that contains a fix for this issue.
For TIBCO Spotfire Desktop versions 10.7.0 through 10.10.0, update to a version that contains a fix for this issue.
For TIBCO Spotfire Server versions 10.7.0 through 10.10.1, update to a version that contains a fix for this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tibco Spotfire Analyst
Tibco Spotfire Analytics Platform For Aws Marketplace
Tibco Spotfire Desktop
Tibco Spotfire Server