Tibco Spotfire Statistics Services vulnerabilities

CVE-2025-3115 [CRITICAL] CWE-94 CVE-2025-3115: Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution

CVE-2023-29268 [CRITICAL] CWE-434 CVE-2023-29268: The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vu The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 a

CVE-2021-23275 [HIGH] CWE-732 CVE-2021-23275: The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statisti

CVE-2021-28830 [HIGH] CVE-2021-28830: The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIB The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire S

CVE-2019-11204 [HIGH] CVE-2019-11204: The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a v The web interface component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that might theoretically allow an authenticated user to access sensitive information needed by the Spotfire Statistics Services server. The sensitive information that might be affected includes database, JMX, LDAP, Windows service account, and user

CVE-2018-12410 [CRITICAL] CVE-2018-12410: The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vuln The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software

CVE-2013-2371 [MEDIUM] CWE-200 CVE-2013-2371: The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via an unspecified HTTP request.