CVE-2017-3180 Multiple TIBCO Spotfire components fail to sanitize user-supplied inout and are vulnerable to cross-site scripting

🗓️ 24 Jul 2018 15:00:00Reported by certccType

TIBCO Spotfire components vulnerable to cross-site scriptin

Reporter	Title	Published	Views	Family All 6
CNVD	Cross-Site Scripting Vulnerability in Multiple TIBCO Products	6 Feb 201700:00	–	cnvd
CVE	CVE-2017-3180	24 Jul 201815:00	–	cve
EUVD	EUVD-2017-12306	7 Oct 202500:30	–	euvd
NVD	CVE-2017-3180	24 Jul 201815:29	–	nvd
OSV	CVE-2017-3180	24 Jul 201815:29	–	osv
Prion	Cross site scripting	24 Jul 201815:29	–	prion

[
  {
    "product": "Silver Fabric Enabler for Spotfire Web Player",
    "vendor": "TIBCO",
    "versions": [
      {
        "lessThanOrEqual": "2.1.2",
        "status": "affected",
        "version": "2.1.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Analyst",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.6.0"
      },
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO",
    "versions": [
      {
        "lessThanOrEqual": "7.0.2",
        "status": "affected",
        "version": "7.0.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Automation Services 6",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "7.0.1"
      },
      {
        "lessThanOrEqual": "6.5.3",
        "status": "affected",
        "version": "6.5.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Connectors",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.6.0"
      }
    ]
  },
  {
    "product": "Spotfire Deployment Kit",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "7.0.1"
      },
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.6.0"
      },
      {
        "status": "affected",
        "version": "7.7.0"
      },
      {
        "lessThanOrEqual": "6.5.3",
        "status": "affected",
        "version": "6.5.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Desktop",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "7.0.1"
      },
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.6.0"
      },
      {
        "status": "affected",
        "version": "7.7.0"
      },
      {
        "lessThanOrEqual": "6.5.2",
        "status": "affected",
        "version": "6.5.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Desktop Developer Edition",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.7.0"
      }
    ]
  },
  {
    "product": "Spotfire Desktop Language Packs",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.5.0"
      },
      {
        "status": "affected",
        "version": "7.6.0"
      },
      {
        "status": "affected",
        "version": "7.7.0"
      },
      {
        "lessThanOrEqual": "7.0.1",
        "status": "affected",
        "version": "7.0.1",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Professional",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "7.0.1"
      },
      {
        "lessThanOrEqual": "6.5.3",
        "status": "affected",
        "version": "6.5.3",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Spotfire Web Player",
    "vendor": "TIBCO",
    "versions": [
      {
        "status": "affected",
        "version": "7.0.0"
      },
      {
        "status": "affected",
        "version": "7.0.1"
      },
      {
        "lessThanOrEqual": "6.5.3",
        "status": "affected",
        "version": "6.5.3",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
securityfocus	www.securityfocus.com/bid/95699
tibco	www.tibco.com//support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3180

24 Jul 2018 14:57Current

5.9Medium risk

Vulners AI Score5.9

EPSS0.0034

CWE-20