admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'TIBCO-Spotfire-2018-Multiple-Vulns' of https://github.com/TIBCOSoftware/cvelist

Browse Source
This commit is contained in:
Cristina Padro 2019-01-16 16:39:32 -05:00
commit 6d892d4e5d
3 changed files with 329 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

114
2018/18xxx/CVE-2018-18812.json
View File

@ -1,8 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2019-01-16T17:00:00.000Z",
"ID" : "CVE-2018-18812",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "10.0.0"
}
]
}
},
{
"product_name" : "TIBCO Spotfire Server versions",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "7.10.1"
},
{
"affected" : "=",
"version_value" : "7.11.0"
},
{
"affected" : "=",
"version_value" : "7.11.1"
},
{
"affected" : "=",
"version_value" : "7.12.0"
},
{
"affected" : "=",
"version_value" : "7.13.0"
},
{
"affected" : "=",
"version_value" : "7.14.0"
},
{
"affected" : "=",
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +72,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.\n"
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that a user with read-only access to the Spotfire Library can modify files stored in the Library. With that capability, among other possibilities, an attack could undermine the integrity of analysis results."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18812"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. In addition, we recommend that server administrators run the command line tool \"check-external-library\" to verify the consistency of the external storage. Please see the Spotfire Server Installation and Administration guide for further details.\n\nFor each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher\n"
}
],
"source" : {
"discovery" : "USER"
}
}

114
2018/18xxx/CVE-2018-18813.json
View File

@ -1,8 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2019-01-16T17:00:00.000Z",
"ID" : "CVE-2018-18813",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "10.0.0"
}
]
}
},
{
"product_name" : "TIBCO Spotfire Server",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "7.10.1"
},
{
"affected" : "=",
"version_value" : "7.11.0"
},
{
"affected" : "=",
"version_value" : "7.11.1"
},
{
"affected" : "=",
"version_value" : "7.12.0"
},
{
"affected" : "=",
"version_value" : "7.13.0"
},
{
"affected" : "=",
"version_value" : "7.14.0"
},
{
"affected" : "=",
"version_value" : "10.0.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +72,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks.\n\nAffected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher\n"
}
],
"source" : {
"discovery" : "USER"
}
}

110
2018/18xxx/CVE-2018-18814.json
View File

@ -1,8 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2019-01-16T17:00:00.000Z",
"ID" : "CVE-2018-18814",
"STATE" : "RESERVED"
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Spotfire Authentication Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "10.0.0"
}
]
}
},
{
"product_name" : "TIBCO Spotfire Server",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_value" : "7.10.1"
},
{
"affected" : "=",
"version_value" : "7.11.0"
},
{
"affected" : "=",
"version_value" : "7.11.1"
},
{
"affected" : "=",
"version_value" : "7.12.0"
},
{
"affected" : "=",
"version_value" : "7.13.0"
},
{
"affected" : "=",
"version_value" : "7.14.0"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,8 +68,55 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms.\n\nAffected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18814"
},
{
"url" : "http://www.tibco.com/services/support/advisories"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, and 7.14.0 update to version 10.0.0 or higher"
}
],
"source" : {
"discovery" : "UNKNOWN"
}
}