Lucene search

TibcoCVELIST:CVE-2018-12410

HistoryOct 10, 2018 - 12:00 a.m.

CVE-2018-12410 TIBCO Spotfire Statistics Services remote execution vulnerabilities

2018-10-1000:00:00

tibco

www.cve.org

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

The web server component of TIBCO Software Inc’s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.

CNA Affected

[
  {
    "product": "TIBCO Spotfire Statistics Services",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105558

www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVELIST:CVE-2018-12410