CVE-2019-11206: TIBCO Spotfire Server Vulnerabilities With Integrity of Comments and Bookmarks
First published: Tue May 14 2019(Updated: )
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10.1.0; and 10.2.0.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Analytics Platform for AWS | <=10.2.0 | |
| TIBCO Spotfire Server | <=7.11.2 | |
| TIBCO Spotfire Server | =7.12.0 | |
| TIBCO Spotfire Server | =7.13.0 | |
| TIBCO Spotfire Server | =7.14.0 | |
| TIBCO Spotfire Server | =10.0.0 | |
| TIBCO Spotfire Server | =10.0.1 | |
| TIBCO Spotfire Server | =10.1.0 | |
| TIBCO Spotfire Server | =10.2.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.2.0 and below update to 10.3.0 or higher TIBCO Spotfire Server versions 7.11.2 and below update to 7.11.3 or higher TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, and 10.2.0 update to 10.2.1 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-11206.
What is the severity level of CVE-2019-11206?
The severity level of CVE-2019-11206 is medium.
Which TIBCO products are affected by CVE-2019-11206?
The TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server versions up to 10.2.0 are affected by CVE-2019-11206.
What are the potential impacts of this vulnerability?
The vulnerability theoretically allows a malicious user to undermine the integrity of comments and bookmarks.
Where can I find more information about CVE-2019-11206?
You can find more information about CVE-2019-11206 on the following links: [SecurityFocus](http://www.securityfocus.com/bid/108405), [TIBCO Security Advisory](https://www.tibco.com/support/advisories/2019/05/tibco-security-advisory-may-14-2019-tibco-spotfire-server-2019-11206).
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/author
- agent/references
- agent/type
- agent/description
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- vendor/tibco
- canonical/tibco spotfire analytics platform for aws
- version/tibco spotfire analytics platform for aws/10.2.0
- canonical/tibco spotfire server
- version/tibco spotfire server/7.11.2
- version/tibco spotfire server/7.12.0
- version/tibco spotfire server/7.13.0
- version/tibco spotfire server/7.14.0
- version/tibco spotfire server/10.0.0
- version/tibco spotfire server/10.0.1
- version/tibco spotfire server/10.1.0
- version/tibco spotfire server/10.2.0