TIBCO Spotfire vulnerabilities Original release date: Mar 8, 2012 Last revised: -- Source: TIBCO Software Inc. Systems Affected TIBCO Spotfire Analytics Server below 10.1.2 TIBCO Spotfire Server below 3.1.3 TIBCO Spotfire Server 3.2.X versions below 3.2.2 TIBCO Spotfire Server 3.3.X versions below 3.3.3 TIBCO Spotfire Web Player below 3.1.1 TIBCO Spotfire Web Player 3.2.X versions below 3.2.2 TIBCO Spotfire Web Player 3.3.X versions below 3.3.2 TIBCO Spotfire Web Player 4.0.X versions below 4.0.2 TIBCO Spotfire Automation Services below 3.1.1 TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2 TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2 TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2 TIBCO Spotfire Professional below 3.1.1 TIBCO Spotfire Professional 3.2.x versions below 3.2.2 TIBCO Spotfire Professional 3.3.x versions below 3.3.2 TIBCO Spotfire Professional 4.0.x versions below 4.0.2 The following components are affected: * TIBCO Spotfire Web Application * TIBCO Spotfire Web Player Application * TIBCO Spotfire Automation Services Application * TIBCO Spotfire Analytics Client Application Description The TIBCO Spotfire components listed above are affected by the following critical vulnerability: CVE-2012-0690 - Carefully crafted URLs may result in information disclosure. TIBCO has released updated versions of the affected components which address this issue. TIBCO strongly recommends sites running the affected components to install the applicable update as described below. Impact The impact of these vulnerabilities may include information modification, information disclosure, and denial of service. Solution For each affected system, update to the corresponding software versions: TIBCO Spotfire Analytics Server version 10.1.2 or higher TIBCO Spotfire Server 3.1.X version 3.1.3 or higher TIBCO Spotfire Server 3.2.X version 3.2.2 or higher TIBCO Spotfire Server 3.3.3 or higher TIBCO Spotfire Web Player 3.1.X version 3.1.1 or higher TIBCO Spotfire Web Player 3.2.X version 3.2.2 or higher TIBCO Spotfire Web Player 3.3.X version 3.3.2 or higher TIBCO Spotfire Web Player 4.0.2 or higher TIBCO Spotfire Automation Services 3.1.X version 3.1.1 or higher TIBCO Spotfire Automation Services 3.2.X version 3.2.2 or higher TIBCO Spotfire Automation Services 3.3.X version 3.3.2 or higher TIBCO Spotfire Automation Services 4.0.2 or higher TIBCO Spotfire Professional 3.1.X version 3.1.1 or higher TIBCO Spotfire Professional 3.2.X version 3.2.2 or higher TIBCO Spotfire Professional 3.3.X version 3.3.2 or higher TIBCO Spotfire Professional 4.0.2 or higher References http://www.tibco.com/mk/advisory.jsp CVE: CVE-2012-0690