CVE-2015-5712 — Sensitive Information Exposure in Spotfire Analytics Platform FOR AWS

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 44.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Spotfire Analytics Platform FOR AWS Tibco Spotfire Server

Timeline

PublishedOct 28

Latest updateMay 17

Description

Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶NVDtibco/spotfire_analytics_platform7.0.1

▶NVDtibco/spotfire_server17 versions+16

🔴Vulnerability Details

GHSA

GHSA-vxr6-fv68-2p5q: Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5↗2022-05-17

▶

CVEList

CVE-2015-5712: Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5↗2015-10-28

▶