CVE-2012-0690 — Sensitive Information Exposure in Spotfire Professional

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.2%

top 55.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Spotfire Professional Tibco Spotfire Analytics Server Tibco Spotfire Server

Timeline

PublishedMar 13

Latest updateMay 17

Description

TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDtibco/spotfire_analytics_server10.0.0, 10.0.1+1

▶NVDtibco/spotfire_server6 versions+5

▶NVDtibco/spotfire_professional4.0.1

🔴Vulnerability Details

GHSA

GHSA-rr5c-m8q3-2x6w: TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server↗2022-05-17

▶

CVEList

CVE-2012-0690: TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server↗2012-03-13

▶

💬Community

Bugzilla

CVE-2012-2136 kernel: net: insufficient data_len validation in sock_alloc_send_pskb()↗2012-04-25

▶