TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: May 14, 2019 - TIBCO Spotfire Server - 2019-11206
The following products are affected:
- TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below
- TIBCO Spotfire Server versions 7.11.2 and below
- TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0
The following component is affected:
- Spotfire library
The component listed above contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks.
The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and mislead other users about which user authored a comment.
CVSS v3 Base Score: 4.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
TIBCO has released updated versions of the affected components which address these issues.
- TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below: update to 10.3.0 or higher
- TIBCO Spotfire Server versions 7.11.2 and below: update to 7.11.3 or higher
- TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0: update to 10.2.1 or higher
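As an added example (not part of TIBCO's advisory), the affected versions and fix targets listed above can be turned into an inventory check. The product labels "server" and "aws", the host names, and the handling of two-part or four-part version strings are assumptions of this example.

```python
import re

# Affected versions and fix targets, copied from the advisory text above.
SERVER_MAX_OLD = (7, 11, 2)                      # "7.11.2 and below" -> 7.11.3
SERVER_LISTED = {(7, 12, 0), (7, 13, 0), (7, 14, 0), (10, 0, 0),
                 (10, 0, 1), (10, 1, 0), (10, 2, 0)}   # -> 10.2.1
AWS_MAX = (10, 2, 0)                             # "10.2.0 and below" -> 10.3.0

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    # Assumption: a missing patch level counts as 0; a fourth part is ignored.
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def triage(product, version_text):
    """Return (status, minimum_fixed_version) for one inventory entry."""
    v = parse_version(version_text)
    if v is None:
        return ("unparsed", None)    # needs manual review, never assumed safe
    if product == "aws":
        return ("affected", "10.3.0") if v <= AWS_MAX else ("not-listed", None)
    if product == "server":
        if v <= SERVER_MAX_OLD:
            return ("affected", "7.11.3")
        if v in SERVER_LISTED:
            return ("affected", "10.2.1")
        return ("not-listed", None)  # the advisory makes no statement here
    raise ValueError(f"unknown product label: {product!r}")

# Constructed sample inventory (host names and versions are made up).
INVENTORY = [
    ("spot-prod-01", "server", "7.11.2"),
    ("spot-prod-02", "server", "7.11.3"),
    ("spot-test-01", "server", "10.1.0"),
    ("spot-aws-01", "aws", "10.2.0"),
    ("spot-lab-01", "server", "unknown"),
]

def report(inventory):
    """Return one (host, status, minimum_fixed_version) row per entry."""
    return [(host, *triage(product, ver)) for host, product, ver in inventory]

if __name__ == "__main__":
    for row in report(INVENTORY):
        print(row)
```

A "not-listed" result only means the version does not appear in this advisory's affected list.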