Lucene search

[email protected]CVE-2017-3181

HistoryJul 24, 2018 - 3:29 p.m.

CVE-2017-3181

2018-07-2415:29:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2017-3181

tibco

sql-injection

vulnerabilities

security

exploit

data compromise

nvd

spotfire

tibco products

web security

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client

Affected configurations

NVD

Node

tibcospotfire_analystMatch7.7.0

tibcospotfire_clientMatch-

tibcospotfire_connectorsMatch7.6.0

tibcospotfire_deployment_kitMatch7.7.0

tibcospotfire_desktopMatch7.6.0

tibcospotfire_desktopMatch7.7.0

tibcospotfire_desktopMatch7.7.0developer

tibcospotfire_desktop_language_packsMatch7.6.0

tibcospotfire_desktop_language_packsMatch7.7.0

tibcospotfire_web_player_clientMatch-

CPENameOperatorVersion
tibco:spotfire_analysttibco spotfire analysteq7.7.0
tibco:spotfire_clienttibco spotfire clienteq-
tibco:spotfire_connectorstibco spotfire connectorseq7.6.0
tibco:spotfire_deployment_kittibco spotfire deployment kiteq7.7.0
tibco:spotfire_desktoptibco spotfire desktopeq7.6.0
tibco:spotfire_desktoptibco spotfire desktopeq7.7.0
tibco:spotfire_desktop_language_packstibco spotfire desktop language packseq7.6.0
tibco:spotfire_desktop_language_packstibco spotfire desktop language packseq7.7.0
tibco:spotfire_web_player_clienttibco spotfire web player clienteq-

CPE	Name	Operator	Version
tibco:spotfire_analyst	tibco spotfire analyst	eq	7.7.0
tibco:spotfire_client	tibco spotfire client	eq	-
tibco:spotfire_connectors	tibco spotfire connectors	eq	7.6.0
tibco:spotfire_deployment_kit	tibco spotfire deployment kit	eq	7.7.0
tibco:spotfire_desktop	tibco spotfire desktop	eq	7.6.0
tibco:spotfire_desktop	tibco spotfire desktop	eq	7.7.0
tibco:spotfire_desktop_language_packs	tibco spotfire desktop language packs	eq	7.6.0
tibco:spotfire_desktop_language_packs	tibco spotfire desktop language packs	eq	7.7.0
tibco:spotfire_web_player_client	tibco spotfire web player client	eq	-

CNA Affected

[
  {
    "product": "Spotfire Analyst",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Connectors",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.0"
      }
    ]
  },
  {
    "product": "Spotfire Deployment Kit",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Desktop",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.0"
      },
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Desktop Developer Edition",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Desktop Language Packs",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.0"
      },
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Web Player Client",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "unknown",
        "version": "N/A"
      }
    ]
  },
  {
    "product": "Spotfire Client",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "unknown",
        "version": "N/A"
      }
    ]
  }
]

References

www.securityfocus.com/bid/95696

www.tibco.com/support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3181

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.2%

JSON

Related for CVE-2017-3181

cvelist1 prion1 nvd1