CVE-2019-17336 Information

Description

The Data access layer component of TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library and only applies in a situation where NTLM credentials or a credentials profile is in use. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below versions 7.12.0 7.13.0 7.14.0 10.0.0 10.0.1 10.1.0 10.2.0 10.2.1 10.3.0 10.3.1 10.3.2 10.3.3 and 10.3.4 versions 10.4.0 10.5.0 and 10.6.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.tibco.com/services/support/advisories https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-december-17-2019-tibco-spotfire-2019-17336

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5