CVE-2014-2544

Published: Apr 10, 2014Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.

Affected (37)

Products: Tibco: Web Player, Automation Services, Spotfire Server, Spotfire Professional, Analyst, Desktop, Deployment Kit

7 products

Spotfire Professional

Analyst

Desktop

Deployment Kit

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Tibco Web Player	Up to 4.0.3
Tibco Web Player	Version 4.5.0
Tibco Web Player	Version 4.5.1
Tibco Web Player	Version 5.0.0
Tibco Web Player	Version 5.0.1
Tibco Web Player	Version 5.5.0
Tibco Web Player	Version 6.0.0

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Tibco Automation Services	Up to 4.0.3
Tibco Automation Services	Version 4.5.0
Tibco Automation Services	Version 4.5.1
Tibco Automation Services	Version 5.0.0
Tibco Automation Services	Version 5.0.1
Tibco Automation Services	Version 5.5.0
Tibco Automation Services	Version 6.0.0

Configuration C

7 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Server	Up to 3.3.3
Tibco Spotfire Server	Version 4.5.0
Tibco Spotfire Server	Version 5.0.0
Tibco Spotfire Server	Version 5.0.1
Tibco Spotfire Server	Version 5.5.0
Tibco Spotfire Server	Version 6.0.0
Tibco Spotfire Server	Version 6.0.1

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Professional	Up to 4.0.3
Tibco Spotfire Professional	Version 4.5.0
Tibco Spotfire Professional	Version 4.5.1
Tibco Spotfire Professional	Version 5.0.0
Tibco Spotfire Professional	Version 5.0.1
Tibco Spotfire Professional	Version 5.5.0
Tibco Spotfire Professional	Version 6.0.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Tibco Analyst	Up to 6.0.0
Tibco Desktop	Up to 6.0.0

Configuration F

7 vulnerable

Vulnerable Software	Affected Versions
Tibco Deployment Kit	Up to 4.0.3
Tibco Deployment Kit	Version 4.5.0
Tibco Deployment Kit	Version 4.5.1
Tibco Deployment Kit	Version 5.0.0
Tibco Deployment Kit	Version 5.0.1
Tibco Deployment Kit	Version 5.5.0
Tibco Deployment Kit	Version 6.0.0

References (4)

http://www.tibco.com/mk/advisory.jsp

Source: cve@mitre.org

Vendor Advisory

http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt

Source: cve@mitre.org

Vendor Advisory

http://www.tibco.com/mk/advisory.jsp

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.tibco.com/multimedia/spotfire_advisory_20140409_tcm8-20764.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.