CVE-2022-30579 — Server-Side Request Forgery in Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace

CWE-918 — Server-Side Request Forgery3 documents3 sources

Severity

8.4HIGHNVD

CNA7.1

EPSS

0.2%

top 51.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Spotfire Analytics Platform FOR AWS Marketplace Tibco Software INC Tibco Spotfire Server Tibco Spotfire Analytics Platform +1 more

Timeline

PublishedSep 20

Latest updateSep 21

Description

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:LExploitability: 1.8 | Impact: 6.0

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_spotfire_analytics_platform_for_aws_marketplace12.0.0

▶CVEListV5tibco_software_inc/tibco_spotfire_server12.0.0

▶NVDtibco/spotfire_analytics_platform12.0.0

▶NVDtibco/spotfire_server12.0.0

🔴Vulnerability Details

GHSA

GHSA-3j96-4r54-mhqg: The Web Player component of TIBCO Software Inc↗2022-09-21

▶

CVEList

TIBCO Spotfire Server Blind SSRF vulnerability↗2022-09-20

▶