CVE-2013-2373

Published: Mar 15, 2013Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.

Affected (7)

Products: Tibco: Spotfire Web Player

1 product

Spotfire Web Player

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Web Player	Version 3.3.2
Tibco Spotfire Web Player	Version 3.3

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Web Player	Version 4.0.1
Tibco Spotfire Web Player	Version 4.0.2
Tibco Spotfire Web Player	Version 4.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Web Player	Version 4.5.0

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Web Player	Version 5.0.0

Related CWEs

References (6)

http://www.tibco.com/mk/advisory.jsp

Source: cve@mitre.org

Vendor Advisory

http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt

Source: cve@mitre.org

Vendor Advisory

http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

Source: cve@mitre.org

Vendor Advisory

http://www.tibco.com/mk/advisory.jsp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.