The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106635 | Third Party Advisory VDB Entry |
http://www.tibco.com/services/support/advisories | Vendor Advisory |
https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812 | Vendor Advisory |
http://www.securityfocus.com/bid/106635 | Third Party Advisory VDB Entry |
http://www.tibco.com/services/support/advisories | Vendor Advisory |
https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:56
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 6.5 |
References | () http://www.securityfocus.com/bid/106635 - Third Party Advisory, VDB Entry | |
References | () http://www.tibco.com/services/support/advisories - Vendor Advisory | |
References | () https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812 - Vendor Advisory |
Information
Published : 2019-01-16 22:29
Updated : 2024-11-21 03:56
NVD link : CVE-2018-18812
Mitre link : CVE-2018-18812
CVE.ORG link : CVE-2018-18812
JSON object : View
Products Affected
tibco
- spotfire_analytics_platform_for_aws
- spotfire_server
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource