CVE-2019-17337: TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting
First published: Tue Dec 17 2019(Updated: )
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Analytics Platform for AWS | =10.6.0 | |
| TIBCO Spotfire Server | <=7.11.7 | |
| TIBCO Spotfire Server | =7.12.0 | |
| TIBCO Spotfire Server | =7.13.0 | |
| TIBCO Spotfire Server | =7.14.0 | |
| TIBCO Spotfire Server | =10.0.0 | |
| TIBCO Spotfire Server | =10.0.1 | |
| TIBCO Spotfire Server | =10.1.0 | |
| TIBCO Spotfire Server | =10.2.0 | |
| TIBCO Spotfire Server | =10.2.1 | |
| TIBCO Spotfire Server | =10.3.0 | |
| TIBCO Spotfire Server | =10.3.1 | |
| TIBCO Spotfire Server | =10.3.2 | |
| TIBCO Spotfire Server | =10.3.3 | |
| TIBCO Spotfire Server | =10.3.4 | |
| TIBCO Spotfire Server | =10.4.0 | |
| TIBCO Spotfire Server | =10.5.0 | |
| TIBCO Spotfire Server | =10.6.0 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Spotfire Analytics Platform for AWS Marketplace version 10.6.0 update to version 10.6.1 or higher TIBCO Spotfire Server versions 7.11.7 and below update to version 7.11.8 or higher TIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4 update to version 10.3.5 or higher TIBCO Spotfire Server versions 10.4.0, 10.5.0, and 10.6.0 update to version 10.6.1 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-17337.
What is the severity of CVE-2019-17337?
The severity of CVE-2019-17337 is high with a CVSS score of 5.4.
Which software products are affected by CVE-2019-17337?
TIBCO Spotfire Analytics Platform for AWS (version 10.6.0) and TIBCO Spotfire Server (versions 7.11.7 to 10.6.0) are affected by CVE-2019-17337.
What is the nature of the vulnerability?
The vulnerability allows an attacker to perform a reflected cross-site scripting (XSS) attack.
Where can I find more information about CVE-2019-17337?
For more information about CVE-2019-17337, you can visit the TIBCO security advisories page or the TIBCO support advisories page.
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/event
- vendor/tibco
- canonical/tibco spotfire analytics platform for aws
- version/tibco spotfire analytics platform for aws/10.6.0
- canonical/tibco spotfire server
- version/tibco spotfire server/7.11.7
- version/tibco spotfire server/7.12.0
- version/tibco spotfire server/7.13.0
- version/tibco spotfire server/7.14.0
- version/tibco spotfire server/10.0.0
- version/tibco spotfire server/10.0.1
- version/tibco spotfire server/10.1.0
- version/tibco spotfire server/10.2.0
- version/tibco spotfire server/10.2.1
- version/tibco spotfire server/10.3.0
- version/tibco spotfire server/10.3.1
- version/tibco spotfire server/10.3.2
- version/tibco spotfire server/10.3.3
- version/tibco spotfire server/10.3.4
- version/tibco spotfire server/10.4.0
- version/tibco spotfire server/10.5.0
- version/tibco spotfire server/10.6.0