TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: May 9, 2017 - TIBCO Spotfire® Server
TIBCO Spotfire® injection vulnerabilities
Original release date: May 9, 2017
Last revised: --
Source: TIBCO Software Inc.
- TIBCO Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier
- TIBCO Spotfire® Server 7.0.0
- TIBCO Spotfire® Server 7.0.1
- TIBCO Spotfire® Server 7.5.0
- TIBCO Spotfire® Server 7.6.0
- TIBCO Spotfire® Server 7.7.0
- TIBCO Spotfire® Server 7.8.0
The Spotfire components listed above contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
The impact of this vulnerability includes the theoretical disclosure of confidential data.
CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
- TIBCO Spotfire Analytics Platform for AWS Marketplace version 7.8.1 or higher
- TIBCO Spotfire Server 7.0.X version 7.0.2 or higher
- TIBCO Spotfire Server 7.5.0 version 7.5.1 or higher
- TIBCO Spotfire Server 7.6.0 version 7.6.1 or higher
- TIBCO Spotfire Server 7.7.0 version 7.7.1 or higher
- TIBCO Spotfire Server 7.8.0 version 7.8.1 or higher