CVE-2019-17337

Published: Dec 17, 2019Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.5

Source: NVD

Description

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.

Affected (18)

Products: Tibco: Spotfire Analytics Platform For Aws, Spotfire Server

Tibco

2 products

Spotfire Analytics Platform For Aws

Spotfire Server

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Tibco Spotfire Analytics Platform For Aws	Version 10.6.0
Tibco Spotfire Server	Up to 7.11.7
Tibco Spotfire Server	Version 10.0.0
Tibco Spotfire Server	Version 10.0.1
Tibco Spotfire Server	Version 10.1.0
Tibco Spotfire Server	Version 10.2.0
Tibco Spotfire Server	Version 10.2.1
Tibco Spotfire Server	Version 10.3.0
Tibco Spotfire Server	Version 10.3.1
Tibco Spotfire Server	Version 10.3.2
Tibco Spotfire Server	Version 10.3.3
Tibco Spotfire Server	Version 10.3.4
Tibco Spotfire Server	Version 10.4.0
Tibco Spotfire Server	Version 10.5.0
Tibco Spotfire Server	Version 10.6.0
Tibco Spotfire Server	Version 7.12.0
Tibco Spotfire Server	Version 7.13.0
Tibco Spotfire Server	Version 7.14.0