CVE-2013-2371 — Sensitive Information Exposure in Spotfire Statistics Services

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

5.0MEDIUMNVD

EPSS

0.5%

top 36.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Spotfire Statistics Services

Timeline

PublishedMar 15

Latest updateMay 17

Description

The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDtibco/spotfire_statistics_services3.3, 4.5.0, 5.0.0+2

🔴Vulnerability Details

GHSA

GHSA-cv78-mcm9-4pfh: The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3↗2022-05-17

▶