CVE-2018-18814 — Improper Authentication in Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace

CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICALNVD

CNA8.8

EPSS

2.0%

top 16.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Server Tibco Spotfire Analytics Platform FOR AWS +1 more

Timeline

PublishedJan 16

Latest updateMay 13

Description

The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplaceunspecified — 10.0.0

▶NVDtibco/spotfire_analytics_platform10.0.0

▶CVEListV5tibco_software_inc/tibco_spotfire_serverunspecified — 7.10.1+5

▶NVDtibco/spotfire_server7.10.1+5

🔴Vulnerability Details

GHSA

GHSA-8qff-6cx7-vmmv: The TIBCO Spotfire authentication component of TIBCO Software Inc↗2022-05-13

▶

CVEList

TIBCO Spotfire Authentication Vulnerability↗2019-01-16

▶