Lucene search

[email protected]CVE-2014-2544

HistoryApr 10, 2014 - 12:55 a.m.

CVE-2014-2544

2014-04-1000:55:09

[email protected]

web.nvd.nist.gov

tibco

spotfire

vulnerability

remote code execution

nvd

cve-2014-2544

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

85.3%

JSON

Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows remote attackers to execute arbitrary code via unknown vectors.

Affected configurations

NVD

Node

tibcoweb_playerRange≤4.0.3

tibcoweb_playerMatch4.5.0

tibcoweb_playerMatch4.5.1

tibcoweb_playerMatch5.0.0

tibcoweb_playerMatch5.0.1

tibcoweb_playerMatch5.5.0

tibcoweb_playerMatch6.0.0

Node

tibcoautomation_servicesRange≤4.0.3

tibcoautomation_servicesMatch4.5.0

tibcoautomation_servicesMatch4.5.1

tibcoautomation_servicesMatch5.0.0

tibcoautomation_servicesMatch5.0.1

tibcoautomation_servicesMatch5.5.0

tibcoautomation_servicesMatch6.0.0

Node

tibcospotfire_serverRange≤3.3.3

tibcospotfire_serverMatch4.5.0

tibcospotfire_serverMatch5.0.0

tibcospotfire_serverMatch5.0.1

tibcospotfire_serverMatch5.5.0

tibcospotfire_serverMatch6.0.0

tibcospotfire_serverMatch6.0.1

Node

tibcospotfire_professionalRange≤4.0.3

tibcospotfire_professionalMatch4.5.0

tibcospotfire_professionalMatch4.5.1

tibcospotfire_professionalMatch5.0.0

tibcospotfire_professionalMatch5.0.1

tibcospotfire_professionalMatch5.5.0

tibcospotfire_professionalMatch6.0.0

Node

tibcoanalystRange≤6.0.0

tibcodesktopRange≤6.0.0

Node

tibcodeployment_kitRange≤4.0.3

tibcodeployment_kitMatch4.5.0

tibcodeployment_kitMatch4.5.1

tibcodeployment_kitMatch5.0.0

tibcodeployment_kitMatch5.0.1

tibcodeployment_kitMatch5.5.0

tibcodeployment_kitMatch6.0.0

CPENameOperatorVersion
tibco:web_playertibco web playerle4.0.3
tibco:web_playertibco web playereq4.5.0
tibco:web_playertibco web playereq4.5.1
tibco:web_playertibco web playereq5.0.0
tibco:web_playertibco web playereq5.0.1
tibco:web_playertibco web playereq5.5.0
tibco:web_playertibco web playereq6.0.0

CPE	Name	Operator	Version
tibco:web_player	tibco web player	le	4.0.3
tibco:web_player	tibco web player	eq	4.5.0
tibco:web_player	tibco web player	eq	4.5.1
tibco:web_player	tibco web player	eq	5.0.0
tibco:web_player	tibco web player	eq	5.0.1
tibco:web_player	tibco web player	eq	5.5.0
tibco:web_player	tibco web player	eq	6.0.0