CVE-2020-9416: TIBCO Spotfire Stored Cross Site Scripting Vulnerability
First published: Tue Sep 15 2020(Updated: )
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
Credit: security@tibco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Spotfire Analyst | =10.7.0 | |
| TIBCO Spotfire Analyst | =10.8.0 | |
| TIBCO Spotfire Analyst | =10.9.0 | |
| TIBCO Spotfire Analyst | =10.10.0 | |
| Tibco Spotfire Analytics Platform | =10.7.0 | |
| Tibco Spotfire Analytics Platform | =10.8.0 | |
| Tibco Spotfire Analytics Platform | =10.8.1 | |
| Tibco Spotfire Analytics Platform | =10.9.0 | |
| Tibco Spotfire Analytics Platform | =10.10.0 | |
| Tibco Spotfire Analytics Platform | =10.10.1 | |
| TIBCO Spotfire Desktop | =10.7.0 | |
| TIBCO Spotfire Desktop | =10.8.0 | |
| TIBCO Spotfire Desktop | =10.9.0 | |
| TIBCO Spotfire Desktop | =10.10.0 | |
| TIBCO Spotfire Server | =10.7.0 | |
| TIBCO Spotfire Server | =10.8.0 | |
| TIBCO Spotfire Server | =10.8.1 | |
| TIBCO Spotfire Server | =10.9.0 | |
| TIBCO Spotfire Server | =10.10.0 | |
| TIBCO Spotfire Server | =10.10.1 |
Remedy
TIBCO has released updated versions of the affected components which address these issues. TIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher TIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher TIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0 update to version 10.10.1 or higher TIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1 update to version 10.10.2 or higher
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-9416?
CVE-2020-9416 is a vulnerability in the Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server that allows a legitimate user to inject scripts.
How severe is CVE-2020-9416?
CVE-2020-9416 has a severity rating of high with a CVSS score of 5.4.
Which software versions are affected by CVE-2020-9416?
CVE-2020-9416 affects TIBCO Spotfire Analyst versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, TIBCO Spotfire Analytics Platform versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1, TIBCO Spotfire Desktop versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0, and TIBCO Spotfire Server versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
How do I fix CVE-2020-9416?
To fix CVE-2020-9416, it is recommended to upgrade to the latest version of TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform, TIBCO Spotfire Desktop, and TIBCO Spotfire Server.
Where can I find more information about CVE-2020-9416?
More information about CVE-2020-9416 can be found on the TIBCO Software Inc. advisory page and the TIBCO support advisories page.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/tags
- agent/first-publish-date
- agent/description
- vendor/tibco
- canonical/tibco spotfire analyst
- version/tibco spotfire analyst/10.7.0
- version/tibco spotfire analyst/10.8.0
- version/tibco spotfire analyst/10.9.0
- version/tibco spotfire analyst/10.10.0
- canonical/tibco spotfire analytics platform
- version/tibco spotfire analytics platform/10.7.0
- version/tibco spotfire analytics platform/10.8.0
- version/tibco spotfire analytics platform/10.8.1
- version/tibco spotfire analytics platform/10.9.0
- version/tibco spotfire analytics platform/10.10.0
- version/tibco spotfire analytics platform/10.10.1
- canonical/tibco spotfire desktop
- version/tibco spotfire desktop/10.7.0
- version/tibco spotfire desktop/10.8.0
- version/tibco spotfire desktop/10.9.0
- version/tibco spotfire desktop/10.10.0
- canonical/tibco spotfire server
- version/tibco spotfire server/10.7.0
- version/tibco spotfire server/10.8.0
- version/tibco spotfire server/10.8.1
- version/tibco spotfire server/10.9.0
- version/tibco spotfire server/10.10.0
- version/tibco spotfire server/10.10.1