Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-4554

Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire Web Player before 2.1.1 allow remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors.

Security Impact Summary

CVE-2015-4554 is a security vulnerability that . Impacting 9 products from tibco, from tibco, from tibco and 6 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2015, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2015-07-21T19:59:03.037

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tibco	spotfire_deployment_kit	≤ 5.5.1	Yes
Application	tibco	spotfire_deployment_kit	6.0.0	Yes
Application	tibco	spotfire_deployment_kit	6.0.1	Yes
Application	tibco	spotfire_deployment_kit	6.0.2	Yes
Application	tibco	spotfire_deployment_kit	6.5.0	Yes
Application	tibco	spotfire_deployment_kit	6.5.1	Yes
Application	tibco	spotfire_deployment_kit	6.5.2	Yes
Application	tibco	spotfire_deployment_kit	7.0.0	Yes
Application	tibco	spotfire_professional	≤ 5.5.1	Yes
Application	tibco	spotfire_professional	6.0.0	Yes
Application	tibco	spotfire_professional	6.0.1	Yes
Application	tibco	spotfire_professional	6.0.2	Yes
Application	tibco	spotfire_professional	6.5.0	Yes
Application	tibco	spotfire_professional	6.5.1	Yes
Application	tibco	spotfire_professional	6.5.2	Yes
Application	tibco	spotfire_professional	7.0.0	Yes
Application	tibco	spotfire_web_player	≤ 5.5.1	Yes
Application	tibco	spotfire_web_player	6.0.0	Yes
Application	tibco	spotfire_web_player	6.0.1	Yes
Application	tibco	spotfire_web_player	6.0.2	Yes
Application	tibco	spotfire_web_player	6.5.0	Yes
Application	tibco	spotfire_web_player	6.5.1	Yes
Application	tibco	spotfire_web_player	6.5.2	Yes
Application	tibco	spotfire_web_player	7.0.0	Yes
Application	tibco	spotfire_desktop	≤ 6.5.1	Yes
Application	tibco	spotfire_desktop	7.0.0	Yes
Application	tibco	spotfire_desktop_language_packs	7.0.0	Yes
Application	tibco	spotfire_automation_services	≤ 5.5.1	Yes
Application	tibco	spotfire_automation_services	6.0.0	Yes
Application	tibco	spotfire_automation_services	6.0.1	Yes
Application	tibco	spotfire_automation_services	6.0.2	Yes
Application	tibco	spotfire_automation_services	6.5.0	Yes
Application	tibco	spotfire_automation_services	6.5.1	Yes
Application	tibco	spotfire_automation_services	6.5.2	Yes
Application	tibco	spotfire_automation_services	7.0.0	Yes
Application	tibco	spotfire_analyst	≤ 5.5.1	Yes
Application	tibco	spotfire_analyst	6.0.0	Yes
Application	tibco	spotfire_analyst	6.0.1	Yes
Application	tibco	spotfire_analyst	6.0.2	Yes
Application	tibco	spotfire_analyst	6.5.0	Yes
Application	tibco	spotfire_analyst	6.5.1	Yes
Application	tibco	spotfire_analyst	6.5.2	Yes
Application	tibco	spotfire_analyst	7.0.0	Yes
Application	tibco	silver_fabric_enabler_for_spotfire_webplayer	2.1.0	Yes
Application	tibco	spotfire_analytics_platform_for_aws	6.5	Yes
Application	tibco	spotfire_analytics_platform_for_aws	7.0.0	Yes

References

http://www.securitytracker.com/id/1033015 ([email protected])
http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt Vendor Advisory ([email protected])
http://www.tibco.com/mk/advisory.jsp Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1033015 (af854a3a-2127-422b-91ae-364da2661108)
http://www.tibco.com/assets/blt1fd126faba191a9f/2015-001-advisory.txt Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.tibco.com/mk/advisory.jsp Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For tibco's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.