CVE-2017-3181: Multiple TIBCO Spotfire components are vulnerable to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query
First published: Tue Jul 24 2018(Updated: )
Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Analyst | =7.7.0 | |
| TIBCO Spotfire Client | ||
| TIBCO Spotfire Connectors | =7.6.0 | |
| TIBCO Spotfire Deployment Kit | =7.7.0 | |
| TIBCO Spotfire Desktop | =7.6.0 | |
| TIBCO Spotfire Desktop | =7.7.0 | |
| TIBCO Spotfire Desktop | =7.7.0 | |
| TIBCO Spotfire Desktop Language Packs | =7.6.0 | |
| TIBCO Spotfire Desktop Language Packs | =7.7.0 | |
| TIBCO Spotfire Web Player Client |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2017-3181?
CVE-2017-3181 is a vulnerability in multiple TIBCO products that allows attackers to perform SQL injection attacks.
What is the severity of CVE-2017-3181?
CVE-2017-3181 has a severity rating of 9.8, which is considered critical.
How does CVE-2017-3181 affect TIBCO Spotfire Analyst?
TIBCO Spotfire Analyst version 7.7.0 is affected by CVE-2017-3181.
How does CVE-2017-3181 affect TIBCO Spotfire Desktop?
TIBCO Spotfire Desktop versions 7.6.0 and 7.7.0 are affected by CVE-2017-3181.
How can I fix CVE-2017-3181?
To fix CVE-2017-3181, it is recommended to update the affected TIBCO products to a version that has addressed the SQL injection vulnerabilities.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/title
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/tibco
- canonical/tibco spotfire analyst
- version/tibco spotfire analyst/7.7.0
- canonical/tibco spotfire client
- canonical/tibco spotfire connectors
- version/tibco spotfire connectors/7.6.0
- canonical/tibco spotfire deployment kit
- version/tibco spotfire deployment kit/7.7.0
- canonical/tibco spotfire desktop
- version/tibco spotfire desktop/7.6.0
- version/tibco spotfire desktop/7.7.0
- canonical/tibco spotfire desktop language packs
- version/tibco spotfire desktop language packs/7.6.0
- version/tibco spotfire desktop language packs/7.7.0
- canonical/tibco spotfire web player client