TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: March 26, 2019 - TIBCO Spotfire Data Science - 2019-8989
TIBCO Spotfire Data Science Spoofing Vulnerability
Original release date: March 26, 2019
Source: TIBCO Software Inc.
- TIBCO Data Science for AWS versions 6.4.0 and below
- TIBCO Spotfire Data Science versions 6.4.0 and below
The following component is affected:
- application server
The component listed above contains a vulnerability that theoretically enables a user to spoof their account to look like a different user in the affected system.
The impact of this vulnerability includes the theoretical possibility that a user of the system could temporarily fool another user of the system into believing they were someone else.
CVSS v3 Base Score: 5.0 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
TIBCO has released updated versions of the affected systems which address these issues.
- TIBCO Data Science for AWS versions 6.4.0 and below upgrade to version 6.4.1 or higher
- TIBCO Spotfire Data Science versions 6.4.0 and below upgrade to version 6.4.1 or higher