TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: March 26, 2019 - TIBCO Spotfire Data Science - 2019-8987
- TIBCO Data Science for AWS versions 6.4.0 and below
- TIBCO Spotfire Data Science versions 6.4.0 and below
The following component is affected:
- application server
The component listed above contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users.
The impact of these multiple vulnerabilities includes the theoretical possibility that a malicious actor could gain more privileged access to the web server component.
CVSS v3 Base Score: 7.6 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L
TIBCO has released updated versions of the affected systems which address these issues.
- TIBCO Data Science for AWS versions 6.4.0 and below upgrade to version 6.4.1 or higher
- TIBCO Spotfire Data Science versions 6.4.0 and below upgrade to version 6.4.1 or higher