CVE-2015-5712: Infoleak
First published: Wed Oct 28 2015(Updated: )
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Analytics Platform for AWS | <=7.0.1 | |
| TIBCO Spotfire | =5.0.0 | |
| TIBCO Spotfire | =5.0.1 | |
| TIBCO Spotfire | =5.0.2 | |
| TIBCO Spotfire | =5.5.0 | |
| TIBCO Spotfire | =5.5.1 | |
| TIBCO Spotfire | =5.5.2 | |
| TIBCO Spotfire | =5.5.3 | |
| TIBCO Spotfire | =6.0.0 | |
| TIBCO Spotfire | =6.0.1 | |
| TIBCO Spotfire | =6.0.2 | |
| TIBCO Spotfire | =6.0.3 | |
| TIBCO Spotfire | =6.0.4 | |
| TIBCO Spotfire | =6.5.0 | |
| TIBCO Spotfire | =6.5.1 | |
| TIBCO Spotfire | =6.5.2 | |
| TIBCO Spotfire | =6.5.3 | |
| TIBCO Spotfire | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-5712?
CVE-2015-5712 has been categorized with a medium severity level due to its potential for sensitive information exposure.
How do I fix CVE-2015-5712?
To resolve CVE-2015-5712, update TIBCO Spotfire Server to version 5.5.4 or later, 6.0.5 or later, 6.5.4 or later, or 7.0.1 or later.
Which versions of TIBCO Spotfire are affected by CVE-2015-5712?
Affected versions include TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1.
Can unauthenticated users exploit CVE-2015-5712?
No, CVE-2015-5712 requires remote authenticated users to exploit the vulnerability.
What kind of information could be exposed due to CVE-2015-5712?
CVE-2015-5712 can allow authenticated remote users to obtain sensitive system information from affected instances of TIBCO Spotfire.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tibco
- canonical/tibco spotfire analytics platform for aws
- version/tibco spotfire analytics platform for aws/7.0.1
- canonical/tibco spotfire
- version/tibco spotfire/5.0.0
- version/tibco spotfire/5.0.1
- version/tibco spotfire/5.0.2
- version/tibco spotfire/5.5.0
- version/tibco spotfire/5.5.1
- version/tibco spotfire/5.5.2
- version/tibco spotfire/5.5.3
- version/tibco spotfire/6.0.0
- version/tibco spotfire/6.0.1
- version/tibco spotfire/6.0.2
- version/tibco spotfire/6.0.3
- version/tibco spotfire/6.0.4
- version/tibco spotfire/6.5.0
- version/tibco spotfire/6.5.1
- version/tibco spotfire/6.5.2
- version/tibco spotfire/6.5.3
- version/tibco spotfire/7.0.0