CVE-2018-12410 — Software INC Tibco Spotfire Statistics Services vulnerability

2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

2.2%

top 15.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Statistics Services Tibco Spotfire Statistics Services

Timeline

PublishedOct 10

Latest updateMay 13

Description

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_statistics_servicesunspecified — 7.11.0

▶NVDtibco/spotfire_statistics_services7.11.0

🔴Vulnerability Details

GHSA

GHSA-w4j9-r5c2-rr9w: The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of↗2022-05-13

▶