TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: October 27, 2015 - TIBCO Spotfire®
TIBCO Spotfire Server vulnerabilities
Original release date: October 27, 2015
Last revised: --
Source: TIBCO Software Inc.
The TIBCO Spotfire® components listed above contain critical vulnerabilities in the handling of HTTP requests which may result in information disclosure.
CVE-2015-5712 - An authenticated URL may be manipulated to disclose system information.
CVE-2015-5713 - An unauthenticated URL may be manipulated to disclose logging information.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
- TIBCO Spotfire Server 5.5.3 and below
- TIBCO Spotfire Server 6.0.X version 6.0.4 and below
- TIBCO Spotfire Server 6.5.X version 6.5.3 and below
- TIBCO Spotfire Server 7.0.0
- TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.1 and below
The following components are affected:
- TIBCO Spotfire Parsing Library
- TIBCO Spotfire Security Filter
The impact of this vulnerability is information disclosure.
CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
For each affected system, update to the corresponding software versions:
- TIBCO Spotfire Server 5.5.X version 5.5.4 or higher
- TIBCO Spotfire Server 6.0.X version 6.0.5 or higher
- TIBCO Spotfire Server 6.5.X version 6.5.4 or higher
- TIBCO Spotfire Server 7.0.1 or higher
- TIBCO Spotfire Analytics Platform for AWS Marketplace version 7.0.2 or higher