CVE-2020-9416 — Cross-site Scripting in Software INC Tibco Spotfire Analyst

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA8.2

EPSS

0.4%

top 38.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Analyst Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Desktop +5 more

Timeline

PublishedSep 15

Latest updateMay 24

Description

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, an…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages8 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplace6 versions+5

▶NVDtibco/spotfire_analytics_platform6 versions+5

▶CVEListV5tibco_software_inc/tibco_spotfire_server6 versions+5

▶CVEListV5tibco_software_inc/tibco_spotfire_analyst4 versions+3

▶CVEListV5tibco_software_inc/tibco_spotfire_desktop4 versions+3

🔴Vulnerability Details

GHSA

GHSA-vx8r-4fwr-hc2v: The Spotfire client component of TIBCO Software Inc↗2022-05-24

▶

CVEList

TIBCO Spotfire Stored Cross Site Scripting Vulnerability↗2020-09-15

▶