PT-2022-20187 · Tibco Software · Tibco Spotfire Server+1
Published: 2022-09-20 · Updated: 2025-05-28 · CVE-2022-30579
CVSS v3.1: 8.4 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions
TIBCO Spotfire Analytics Platform for AWS Marketplace version 12.0.0
TIBCO Spotfire Server version 12.0.0
Description
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult-to-exploit vulnerability that allows a low-privileged attacker with network access to execute blind Server-Side Request Forgery (SSRF) on the affected system.
Recommendations
For TIBCO Spotfire Analytics Platform for AWS Marketplace version 12.0.0, update to a version that contains a fix for this issue.
For TIBCO Spotfire Server version 12.0.0, update to a version that contains a fix for this issue.
As a temporary workaround, consider restricting network access to the Web Player component to minimize the risk of exploitation.
Fix
SSRF
Affected Products
TIBCO Spotfire Analytics Platform for AWS Marketplace
TIBCO Spotfire Server