CVE-2018-12410 Information

Description

The web server component of TIBCO Software Inc’s Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/105558 https://www.tibco.com/support/advisories/2018/10/tibco-security-advisory-october-10-2018-tibco-spotfire-statistics

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8