TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting Original release date: December 17, 2019 Last revised: --- Source: TIBCO Software Inc. Systems Affected TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 TIBCO Spotfire Server versions 7.11.7 and below TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 The following component is affected: * Spotfire library Description The component listed above contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Impact The impact of the vulnerability includes the theoretical possibility that an attacker could gain full administrative access to the web interface of the affected component. CVSS v3 Base Score: 8.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) Solution TIBCO has released updated versions of the affected systems which address this issue: TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher TIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher References http://www.tibco.com/services/support/advisories CVE-2019-17337