First published: Fri Mar 15 2013(Updated: )
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO Spotfire Web Player | =3.3 | |
TIBCO Spotfire Web Player | =3.3.2 | |
TIBCO Spotfire Web Player | =4.0 | |
TIBCO Spotfire Web Player | =4.0.1 | |
TIBCO Spotfire Web Player | =4.0.2 | |
TIBCO Spotfire Web Player | =4.5.0 | |
TIBCO Spotfire Web Player | =5.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-2373 has been classified as a medium severity vulnerability due to its potential for unauthorized access to sensitive information.
To fix CVE-2013-2373, update TIBCO Spotfire Web Player to the latest version, specifically versions 3.3.3, 4.0.3, 4.5.1, or 5.0.1 or later.
CVE-2013-2373 affects TIBCO Spotfire Web Player versions 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1.
CVE-2013-2373 is an access control vulnerability that allows unauthorized access and data modification.
Yes, CVE-2013-2373 can allow remote attackers to obtain sensitive information if exploited.