CVE-2019-17334 TIBCO Spotfire Analyst and Desktop Remote Code Execution Via Shared Files

🗓️ 17 Dec 2019 20:55:17Reported by tibcoType

TIBCO Spotfire vulnerability allows remote code execution via shared file

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2019-17334	12 Mar 202418:16	–	circl
CVE	CVE-2019-17334	17 Dec 201920:55	–	cve
EUVD	EUVD-2019-7745	7 Oct 202500:30	–	euvd
NVD	CVE-2019-17334	17 Dec 201921:15	–	nvd
OSV	CVE-2019-17334	17 Dec 201921:15	–	osv
Prion	Design/Logic Flaw	17 Dec 201921:15	–	prion
Symantec	Multiple TIBCO Spotfire Products CVE-2019-17334 Remote Code Execution Vulnerability	17 Dec 201900:00	–	symantec

[
  {
    "product": "TIBCO Spotfire Analyst",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.12.0"
      },
      {
        "status": "affected",
        "version": "7.13.0"
      },
      {
        "status": "affected",
        "version": "7.14.0"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.2.0"
      },
      {
        "status": "affected",
        "version": "10.3.0"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      },
      {
        "status": "affected",
        "version": "10.3.2"
      },
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Deployment Kit",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Desktop",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "7.12.0"
      },
      {
        "status": "affected",
        "version": "7.13.0"
      },
      {
        "status": "affected",
        "version": "7.14.0"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.2.0"
      },
      {
        "status": "affected",
        "version": "10.3.0"
      },
      {
        "status": "affected",
        "version": "10.3.1"
      },
      {
        "status": "affected",
        "version": "10.3.2"
      },
      {
        "status": "affected",
        "version": "10.4.0"
      },
      {
        "status": "affected",
        "version": "10.5.0"
      },
      {
        "status": "affected",
        "version": "10.6.0"
      }
    ]
  },
  {
    "product": "TIBCO Spotfire Desktop Language Packs",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
tibco	www.tibco.com/services/support/advisories
tibco	www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17334

17 Dec 2019 20:55Current

8High risk

Vulners AI Score8

CVSS 37.6

EPSS0.0037