TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: March 26, 2019 - TIBCO Spotfire Data Science - 2019-8988
TIBCO Spotfire Data Science Privilege Escalation Vulnerability
Original release date: March 26, 2019
Source: TIBCO Software Inc.
- TIBCO Data Science for AWS versions 6.4.0 and below
- TIBCO Spotfire Data Science versions 6.4.0 and below
The following component is affected:
- application server
The component listed above contains a vulnerability that theoretically allows a user to escalate their privileges on the affected system, in a way that may allow for data modifications and deletions that should be denied.
The impact of this vulnerability includes the theoretical possibility that a malicious actor could modify or delete data on the system that they should not be able to change, affecting the output that others might see.
CVSS v3 Base Score: 6.5 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
TIBCO has released updated versions of the affected systems that address this issue.
- TIBCO Data Science for AWS versions 6.4.0 and below: upgrade to version 6.4.1 or higher
- TIBCO Spotfire Data Science versions 6.4.0 and below: upgrade to version 6.4.1 or higher