CVE-2018-18812: TIBCO Spotfire Fails To Prevent Write Access to Spotfire Library
First published: Wed Jan 16 2019(Updated: )
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Analytics Platform for AWS | <=10.0.0 | |
| TIBCO Spotfire Server | <=7.10.1 | |
| TIBCO Spotfire Server | =7.11.0 | |
| TIBCO Spotfire Server | =7.11.1 | |
| TIBCO Spotfire Server | =7.12.0 | |
| TIBCO Spotfire Server | =7.13.0 | |
| TIBCO Spotfire Server | =7.14.0 | |
| TIBCO Spotfire Server | =10.0.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. In addition, we recommend that server administrators run the command line tool "check-external-library" to verify the consistency of the external storage. Please see the Spotfire Server Installation and Administration guide for further details. For each affected system, update to the corresponding software versions: TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher TIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher TIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-18812?
CVE-2018-18812 is a vulnerability in the Spotfire Library component of TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server that allows users with read-only access to modify files stored in the Spotfire Library.
How severe is CVE-2018-18812?
CVE-2018-18812 has a severity score of 5.3, which is classified as medium.
Which versions of TIBCO Spotfire Analytics Platform for AWS Marketplace are affected by CVE-2018-18812?
TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to 10.0.0 are affected by CVE-2018-18812.
Which versions of TIBCO Spotfire Server are affected by CVE-2018-18812?
TIBCO Spotfire Server versions 7.10.1, 7.11.0, 7.11.1, 7.12.0, 7.13.0, 7.14.0, and 10.0.0 are affected by CVE-2018-18812.
How can I fix CVE-2018-18812?
To fix CVE-2018-18812, it is recommended to upgrade TIBCO Spotfire Analytics Platform for AWS Marketplace to version 10.0.0 or higher, and TIBCO Spotfire Server to version 7.14.1 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/weakness
- agent/remedy
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/tibco
- canonical/tibco spotfire analytics platform for aws
- version/tibco spotfire analytics platform for aws/10.0.0
- canonical/tibco spotfire server
- version/tibco spotfire server/7.10.1
- version/tibco spotfire server/7.11.0
- version/tibco spotfire server/7.11.1
- version/tibco spotfire server/7.12.0
- version/tibco spotfire server/7.13.0
- version/tibco spotfire server/7.14.0
- version/tibco spotfire server/10.0.0