Design/Logic Flaw

2023-04-2618:15:00

PRIOn knowledge base

www.prio-n.com

tibco

splus server

spotfire statistics services

unauthenticated

remote

file upload

vulnerability

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.3%

JSON

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.

CPENameOperatorVersion
spotfire_statistics_serviceseq11.6.0
spotfire_statistics_serviceseq11.6.1
spotfire_statistics_serviceseq11.6.2
spotfire_statistics_serviceseq11.7.0
spotfire_statistics_serviceseq11.8.0
spotfire_statistics_serviceseq11.8.1
spotfire_statistics_serviceseq12.0.0
spotfire_statistics_serviceseq12.0.1
spotfire_statistics_serviceseq12.0.2
spotfire_statistics_serviceseq12.1.0

Name	Operator	Version
spotfire_statistics_services	eq	11.6.0
spotfire_statistics_services	eq	11.6.1
spotfire_statistics_services	eq	11.6.2
spotfire_statistics_services	eq	11.7.0
spotfire_statistics_services	eq	11.8.0
spotfire_statistics_services	eq	11.8.1
spotfire_statistics_services	eq	12.0.0
spotfire_statistics_services	eq	12.0.1
spotfire_statistics_services	eq	12.0.2
spotfire_statistics_services	eq	12.1.0

Rows per page:

1-10 of 131

References

www.tibco.com/services/support/advisories