CVE-2018-5435: Software INC Tibco Spotfire Analyst vulnerability

4 documents, 4 sources
Severity: 9.8 CRITICAL (NVD); 9.6 (CNA)
EPSS: 1.4% (top 19.52%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 27; latest update May 13

Description

The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions up to and including 7.8.0; 7.9.0; 7.9.1; 7.10.0; 7.10.1; 7.11.0; 7.12.0,

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 10 packages

Vulnerability Details (2)

GHSA: GHSA-3f6h-wmwv-m6rx: The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc (2022-05-13)
CVEList: TIBCO Spotfire Product Family Remote Code Execution Vulnerability (2018-06-27)

Community (1)

HackerOne: CVE-2019-5435: An integer overflow found in /lib/urlapi.c (2020-12-05)
CVE-2018-5435 — CRITICAL severity | cvebase