CVE-2017-5527 — SQL Injection in Spotfire Analytics Platform FOR AWS

CWE-89 — SQL Injection4 documents4 sources

Severity

6.5MEDIUMNVD

CNA4.3OSV5.9

EPSS

0.2%

top 55.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Spotfire Analytics Platform FOR AWS Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Server +1 more

Timeline

PublishedMay 9

Latest updateJul 20

Description

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplace7.8.0

▶NVDtibco/spotfire_analytics_platform7.8.0

▶NVDtibco/spotfire_server6 versions+5

▶CVEListV5tibco_software_inc/tibco_spotfire_server6 versions+5

🔴Vulnerability Details

OSV

check-mk vulnerabilities↗2022-07-20

▶

GHSA

GHSA-cfr5-rfj7-vjc4: TIBCO Spotfire Server 7↗2022-05-17

▶

CVEList

TIBCO Spotfire injection vulnerabilities↗2017-05-09

▶