CVE-2019-17337 — Cross-site Scripting in Software INC Tibco Spotfire Server

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 44.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Server Tibco Spotfire Server Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace +1 more

Timeline

PublishedDec 17

Latest updateMay 24

Description

The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplace10.6.0

▶CVEListV5tibco_software_inc/tibco_spotfire_serverunspecified — 7.11.7+16

▶NVDtibco/spotfire_analytics_platform10.6.0

▶NVDtibco/spotfire_server7.11.7+16

🔴Vulnerability Details

GHSA

GHSA-2rf2-mpmq-65hv: The Spotfire library component of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Spotfire Server Library Vulnerable to Reflected Cross-Site Scripting↗2019-12-17

▶