History: Dec 17, 2019 - 9:15 p.m.

CVE-2019-17334

2019-12-17 21:15:12
CWE-276
web.nvd.nist.gov
Tags: tibco, spotfire, code execution, vulnerability, security, cve-2019-17334, nvd, tibco software inc.

CVSS3: 8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.9 High
Confidence: High

CVSS2: 6 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS: 0.001 Low
Percentile: 43.1%

The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system. This attack is a risk only when the attacker has write access to a network file system shared with the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0, TIBCO Spotfire Deployment Kit: versions 7.11.1 and below, TIBCO Spotfire Desktop: versions 7.11.1 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.1.0, 10.2.0, 10.3.0, 10.3.1, and 10.3.2, versions 10.4.0, 10.5.0, and 10.6.0, and TIBCO Spotfire Desktop Language Packs: versions 7.11.1 and below.

Affected configurations

NVD
Node (entries combined with OR):

vendor | product | type | version
tibco | spotfire_analyst | Range | 7.11.1
tibco | spotfire_analyst | Match | 7.12.0
tibco | spotfire_analyst | Match | 7.13.0
tibco | spotfire_analyst | Match | 7.14.0
tibco | spotfire_analyst | Match | 10.0.0
tibco | spotfire_analyst | Match | 10.1.0
tibco | spotfire_analyst | Match | 10.2.0
tibco | spotfire_analyst | Match | 10.3.0
tibco | spotfire_analyst | Match | 10.3.1
tibco | spotfire_analyst | Match | 10.3.2
tibco | spotfire_analyst | Match | 10.4.0
tibco | spotfire_analyst | Match | 10.5.0
tibco | spotfire_analyst | Match | 10.6.0
tibco | spotfire_analytics_platform_for_aws | Match | 10.6.0
tibco | spotfire_deployment_kit | Range | 7.11.1
tibco | spotfire_desktop | Range | 7.11.1
tibco | spotfire_desktop | Match | 7.12.0
tibco | spotfire_desktop | Match | 7.13.0
tibco | spotfire_desktop | Match | 7.14.0
tibco | spotfire_desktop | Match | 10.0.0
tibco | spotfire_desktop | Match | 10.1.0
tibco | spotfire_desktop | Match | 10.2.0
tibco | spotfire_desktop | Match | 10.3.0
tibco | spotfire_desktop | Match | 10.3.1
tibco | spotfire_desktop | Match | 10.3.2
tibco | spotfire_desktop | Match | 10.4.0
tibco | spotfire_desktop | Match | 10.5.0
tibco | spotfire_desktop | Match | 10.6.0
tibco | spotfire_desktop_language_packs | Range | 7.11.1

CNA Affected

[
  {
    "product": "TIBCO Spotfire Analyst",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.12.0"
      },
      {
        "status": "affected",
        "version": "7.13.0"
      },
      {
        "status": "affected",
        "version": "7.14.0"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.2.0"
      },
      {
        "status": "affected",
        "version": "10.3.0"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      },
      {
        "status": "affected",
        "version": "10.3.2"
      },
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Deployment Kit",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Desktop",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.12.0"
      },
      {
        "status": "affected",
        "version": "7.13.0"
      },
      {
        "status": "affected",
        "version": "7.14.0"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.2.0"
      },
      {
        "status": "affected",
        "version": "10.3.0"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      },
      {
        "status": "affected",
        "version": "10.3.2"
      },
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Desktop Language Packs",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
