Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-18813

The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.

Published

2019-01-16T22:29:00.310

Last Modified

2024-11-21T03:56:40.170

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application tibco spotfire_analytics_platform_for_aws ≤ 10.0.0 Yes
Application tibco spotfire_server ≤ 7.10.1 Yes
Application tibco spotfire_server 7.11.0 Yes
Application tibco spotfire_server 7.11.1 Yes
Application tibco spotfire_server 7.12.0 Yes
Application tibco spotfire_server 7.13.0 Yes
Application tibco spotfire_server 7.14.0 Yes
Application tibco spotfire_server 10.0.0 Yes
References