Tibco Spotfire Web Player vulnerabilities

5 known vulnerabilities affecting tibco/spotfire_web_player.

Total CVEs

5

CISA KEV

0

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH1MEDIUM4

Vulnerabilities

Page 1 of 1

CVE-2017-3180MEDIUMCVSS 5.4≤ 6.5.3v7.0.0+2 more2018-07-24

CVE-2017-3180 [MEDIUM] CWE-20 CVE-2017-3180: Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities becau Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based aut

CVE-2015-4554HIGHCVSS 7.5≤ 5.5.1v6.0.0+6 more2015-07-21

CVE-2015-4554 [HIGH] CVE-2015-4554: Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spot Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; S

CVE-2014-7195MEDIUMCVSS 4.0v6.0.0v6.0.1+2 more2014-11-21

CVE-2014-7195 [MEDIUM] CWE-200 CVE-2014-7195: Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, S Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2013-2372MEDIUMCVSS 4.3v3.3v3.3.2+5 more2013-03-15

CVE-2013-2372 [MEDIUM] CWE-79 CVE-2013-2372: Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3 Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-2373MEDIUMCVSS 6.4v3.3v3.3.2+5 more2013-03-15

CVE-2013-2373 [MEDIUM] CWE-264 CVE-2013-2373: The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.