admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2026 from TIBCOSoftware/TIBCO_Spotfire_Family_2019_05

Browse Source 
TIBCO Spotfire Family vulnerabilities...
This commit is contained in:
CVE Team 2019-05-14 15:57:34 -04:00 committed by GitHub
commit ff85b5a6f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 347 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
2019/11xxx/CVE-2019-11204.json
View File

@ -1,18 +1,95 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11204",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11204",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Statistics Services Exposes Sensitive Files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Statistics Services",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.11.1"
},
{
"affected": "=",
"version_value": "10.0.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"description_data": [
{
"lang": "eng",
"value": "The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user credentials.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions up to and including 7.11.1; 10.0.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that credentials to both the Spotfire Statistics Services server, and to other systems could be exposed."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-statistics-services-2019-11204"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Statistics Services versions 7.11.1 and below update to version 7.11.2 or higher\nTIBCO Spotfire Statistics Services version 10.0.0 update to 10.0.1 or higher\n"
}
],
"source": {
"discovery": "USER"
}
}
}

146
2019/11xxx/CVE-2019-11205.json
View File

@ -1,18 +1,138 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11205",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11205",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Exposes Multiple Reflected Cross-Site Scripting Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "7.14.1"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"description_data": [
{
"lang": "eng",
"value": "The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.\n"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could gain administrative access to the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11205"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 7.14.0, 7.14.1, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher\n"
}
],
"source": {
"discovery": "INTERNAL"
}
}
}

136
2019/11xxx/CVE-2019-11206.json
View File

@ -1,18 +1,130 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11206",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2019-05-14T16:00:00.000Z",
"ID": "CVE-2019-11206",
"STATE": "PUBLIC",
"TITLE": "TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "10.2.0"
}
]
}
},
{
"product_name": "TIBCO Spotfire Server",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "7.11.2"
},
{
"affected": "=",
"version_value": "7.12.0"
},
{
"affected": "=",
"version_value": "7.13.0"
},
{
"affected": "=",
"version_value": "7.14.0"
},
{
"affected": "=",
"version_value": "10.0.0"
},
{
"affected": "=",
"version_value": "10.0.1"
},
{
"affected": "=",
"version_value": "10.1.0"
},
{
"affected": "=",
"version_value": "10.2.0"
}
]
}
}
]
},
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
"description_data": [
{
"lang": "eng",
"value": "The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could remove comments from the system, rename bookmarks, and trick other users about which user authored a comment."
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.tibco.com/services/support/advisories"
},
{
"url": "https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher\nTIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher"
}
],
"source": {
"discovery": "USER"
}
}