Vulnerability Details CVE-2019-17337
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.3
References
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337
- http://www.tibco.com/services/support/advisories
- https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17337
Products affected by CVE-2019-17337
-
cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:10.6.0
-
cpe:2.3:a:tibco:spotfire_server:10.0.0
-
cpe:2.3:a:tibco:spotfire_server:10.0.1
-
cpe:2.3:a:tibco:spotfire_server:10.1.0
-
cpe:2.3:a:tibco:spotfire_server:10.2.0
-
cpe:2.3:a:tibco:spotfire_server:10.2.1
-
cpe:2.3:a:tibco:spotfire_server:10.3.0
-
cpe:2.3:a:tibco:spotfire_server:10.3.1
-
cpe:2.3:a:tibco:spotfire_server:10.3.2
-
cpe:2.3:a:tibco:spotfire_server:10.3.3
-
cpe:2.3:a:tibco:spotfire_server:10.3.4
-
cpe:2.3:a:tibco:spotfire_server:10.4.0
-
cpe:2.3:a:tibco:spotfire_server:10.5.0
-
cpe:2.3:a:tibco:spotfire_server:10.6.0
-
cpe:2.3:a:tibco:spotfire_server:4.5.1
-
cpe:2.3:a:tibco:spotfire_server:5.0.2
-
cpe:2.3:a:tibco:spotfire_server:5.5.1
-
cpe:2.3:a:tibco:spotfire_server:5.5.2
-
cpe:2.3:a:tibco:spotfire_server:5.5.3
-
cpe:2.3:a:tibco:spotfire_server:6.0.2
-
cpe:2.3:a:tibco:spotfire_server:6.0.3
-
cpe:2.3:a:tibco:spotfire_server:6.0.4
-
cpe:2.3:a:tibco:spotfire_server:6.5.0
-
cpe:2.3:a:tibco:spotfire_server:6.5.1
-
cpe:2.3:a:tibco:spotfire_server:6.5.2
-
cpe:2.3:a:tibco:spotfire_server:6.5.3
-
cpe:2.3:a:tibco:spotfire_server:7.0.0
-
cpe:2.3:a:tibco:spotfire_server:7.0.1
-
cpe:2.3:a:tibco:spotfire_server:7.0.2
-
cpe:2.3:a:tibco:spotfire_server:7.10.0
-
cpe:2.3:a:tibco:spotfire_server:7.10.1
-
cpe:2.3:a:tibco:spotfire_server:7.10.2
-
cpe:2.3:a:tibco:spotfire_server:7.11.0
-
cpe:2.3:a:tibco:spotfire_server:7.11.1
-
cpe:2.3:a:tibco:spotfire_server:7.11.2
-
cpe:2.3:a:tibco:spotfire_server:7.11.3
-
cpe:2.3:a:tibco:spotfire_server:7.11.4
-
cpe:2.3:a:tibco:spotfire_server:7.11.5
-
cpe:2.3:a:tibco:spotfire_server:7.11.6
-
cpe:2.3:a:tibco:spotfire_server:7.11.7
-
cpe:2.3:a:tibco:spotfire_server:7.12.0
-
cpe:2.3:a:tibco:spotfire_server:7.13.0
-
cpe:2.3:a:tibco:spotfire_server:7.14.0
-
cpe:2.3:a:tibco:spotfire_server:7.5.0
-
cpe:2.3:a:tibco:spotfire_server:7.5.1
-
cpe:2.3:a:tibco:spotfire_server:7.6.0
-
cpe:2.3:a:tibco:spotfire_server:7.6.1
-
cpe:2.3:a:tibco:spotfire_server:7.7.0
-
cpe:2.3:a:tibco:spotfire_server:7.7.1
-
cpe:2.3:a:tibco:spotfire_server:7.8.0
-
cpe:2.3:a:tibco:spotfire_server:7.8.1
-
cpe:2.3:a:tibco:spotfire_server:7.8.2
-
cpe:2.3:a:tibco:spotfire_server:7.9.0
-
cpe:2.3:a:tibco:spotfire_server:7.9.1