CVE-2018-18813 — Cross-site Scripting in Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA8.8

EPSS

0.3%

top 49.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Server Tibco Spotfire Analytics Platform FOR AWS +1 more

Timeline

PublishedJan 16

Latest updateMay 13

Description

The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplaceunspecified — 10.0.0

▶CVEListV5tibco_software_inc/tibco_spotfire_serverunspecified — 7.10.1+6

▶NVDtibco/spotfire_analytics_platform10.0.0

▶NVDtibco/spotfire_server7.10.1+6

🔴Vulnerability Details

GHSA

GHSA-hfh6-wr2c-5p4w: The Spotfire web server component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities↗2019-01-16

▶