PT-2020-20646 · Tibco · Tibco Foresight Transaction Insight Healthcare Edition (+5 more)

Published: 2020-10-20 · Updated: 2020-10-30 · CVE-2020-9417

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TIBCO Foresight Archive and Retrieval System versions 5.1.0 and below, version 5.2.0
TIBCO Foresight Archive and Retrieval System Healthcare Edition versions 5.1.0 and below, version 5.2.0
TIBCO Foresight Operational Monitor versions 5.1.0 and below, version 5.2.0
TIBCO Foresight Operational Monitor Healthcare Edition versions 5.1.0 and below, version 5.2.0
TIBCO Foresight Transaction Insight versions 5.1.0 and below, version 5.2.0
TIBCO Foresight Transaction Insight Healthcare Edition versions 5.1.0 and below, version 5.2.0

Description

The Transaction Insight reporting component contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection.

Recommendations

For TIBCO Foresight Archive and Retrieval System versions 5.1.0 and below, version 5.2.0, update to a version that includes the fix for this issue.
For TIBCO Foresight Archive and Retrieval System Healthcare Edition versions 5.1.0 and below, version 5.2.0, update to a version that includes the fix for this issue.
For TIBCO Foresight Operational Monitor versions 5.1.0 and below, version 5.2.0, update to a version that includes the fix for this issue.
For TIBCO Foresight Operational Monitor Healthcare Edition versions 5.1.0 and below, version 5.2.0, update to a version that includes the fix for this issue.
For TIBCO Foresight Transaction Insight versions 5.1.0 and below, version 5.2.0, update to a version that includes the fix for this issue.
For TIBCO Foresight Transaction Insight Healthcare Edition versions 5.1.0 and below, version 5.2.0, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the Transaction Insight reporting component to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2020-9417

Affected Products

Tibco Foresight Archive/Retrieval System
Tibco Foresight Archive/Retrieval System Healthcare Edition
Tibco Foresight Operational Monitor
Tibco Foresight Operational Monitor Healthcare Edition
Tibco Foresight Transaction Insight
Tibco Foresight Transaction Insight Healthcare Edition