CVE-2017-3180: Improper Input Validation in Silver Fabric Enabler for Spotfire Web Player

Severity
5.4 MEDIUM (NVD)
EPSS
0.3%
top 43.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jul 24
Latest update: May 13

Description

Multiple TIBCO products are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enable

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 21 packages

Vulnerability Details

2
GHSA
GHSA-fw63-53rx-w22v: Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied inp (2022-05-13)
CVEList
Multiple TIBCO Spotfire components fail to sanitize user-supplied input and are vulnerable to cross-site scripting (2018-07-24)