First published: Wed Jan 16 2019
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability in the handling of authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0.
Credit: security@tibco.com
Affected Software | Affected Version | How to fix |
---|---|---|
TIBCO Spotfire Analytics Platform for AWS | <=10.0.0 | |
TIBCO Spotfire Server | <=7.10.1 | |
TIBCO Spotfire Server | =7.11.0 | |
TIBCO Spotfire Server | =7.11.1 | |
TIBCO Spotfire Server | =7.12.0 | |
TIBCO Spotfire Server | =7.13.0 | |
TIBCO Spotfire Server | =7.14.0 | |

TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:

- TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below: update to version 10.0.1 or higher
- TIBCO Spotfire Server versions 7.10.1 and below: update to version 7.10.2 or higher
- TIBCO Spotfire Server versions 7.11.0 and 7.11.1: update to version 7.11.2 or higher
- TIBCO Spotfire Server versions 7.12.0, 7.13.0, and 7.14.0: update to version 10.0.0 or higher
CVE-2018-18814 is a vulnerability in the TIBCO Spotfire authentication component.
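Affected are TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO Spotfire Server versions up to and including 7.10.1, as well as 7.11.0, 7.11.1, 7.12.0, 7.13.0 and 7.14.0.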
CVE-2018-18814 has a severity rating of 9.8, which is considered critical.
An attacker can theoretically gain full access to a target account through the vulnerability in the authentication component.
Please refer to the TIBCO Security Advisory for information on fixes and patches for CVE-2018-18814.