← Back

CVE-2018-18812

nvd nist
Published: Jan 16, 2019Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.6 / Impact: 3.6
Source: NVD

Description

The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

Affected (8)

Tibco
2 products
Spotfire Analytics Platform For Aws
Spotfire Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Spotfire Analytics Platform For Aws
Up to 10.0.0
Tibco
Spotfire Server
Up to 7.10.1
Spotfire Server
Version 10.0.0
Spotfire Server
Version 7.11.0
Spotfire Server
Version 7.11.1
Spotfire Server
Version 7.12.0
Spotfire Server
Version 7.13.0
Spotfire Server
Version 7.14.0

Related CWEs

CWE-732
Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (6)

Source: security@tibco.com
Third Party AdvisoryVDB Entry
Source: security@tibco.com
Vendor Advisory
Source: security@tibco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.