Total
28 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30579 | 1 Tibco | 2 Spotfire Analytics Platform, Spotfire Server | 2025-05-28 | N/A | 7.1 HIGH |
|
The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.
|
|||||
| CVE-2022-41558 | 1 Tibco | 4 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Desktop and 1 more | 2025-04-29 | N/A | 9.0 CRITICAL |
|
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Desktop, TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A s ...
Show More |
|||||
| CVE-2017-5527 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
|
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
|
|||||
| CVE-2015-5712 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2025-04-12 | 4.0 MEDIUM | N/A |
|
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.
|
|||||
| CVE-2014-5285 | 1 Tibco | 1 Spotfire Server | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in the Authentication Module in TIBCO Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2, 6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to gain privileges, and obtain sensitive information or modify data, via unknown vectors.
|
|||||
| CVE-2015-5713 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.
|
|||||
| CVE-2014-2544 | 1 Tibco | 7 Analyst, Automation Services, Deployment Kit and 4 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire A ...
Show More |
|||||
| CVE-2011-3132 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2011-3134 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to modify data or obtain sensitive information via a crafted URL.
|
|||||
| CVE-2012-0690 | 1 Tibco | 4 Spotfire Analytics Server, Spotfire Professional, Spotfire Server and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
|
|||||
| CVE-2011-3133 | 1 Tibco | 2 Spotfire Analytics Server, Spotfire Server | 2025-04-11 | 4.3 MEDIUM | N/A |
|
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
|
|||||
| CVE-2023-26221 | 1 Tibco | 3 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Server | 2024-11-21 | N/A | 5.0 MEDIUM |
|
The Spotfire Connectors component of TIBCO Software Inc.'s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versio ...
Show More |
|||||
| CVE-2023-26220 | 1 Tibco | 2 Spotfire Analyst, Spotfire Server | 2024-11-21 | N/A | 5.4 MEDIUM |
|
The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, ...
Show More |
|||||
| CVE-2021-43051 | 1 Tibco | 1 Spotfire Server | 2024-11-21 | 8.5 HIGH | 7.1 HIGH |
|
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of those granted to it. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Server: versions ...
Show More |
|||||
| CVE-2021-28830 | 1 Tibco | 4 Enterprise Runtime For R, Spotfire Analytics Platform, Spotfire Server and 1 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
The TIBCO Spotfire Server and TIBCO Enterprise Runtime for R components of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contain a vulnerabili ...
Show More |
|||||
| CVE-2021-23275 | 1 Tibco | 4 Enterprise Runtime For R, Spotfire Analytics Platform, Spotfire Server and 1 more | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
|
The Windows Installation component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Enterprise Runtime for R - Server Edition, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Server, TIBCO Spotfire Statistics Services, TIBCO Spotfire Statistics Services, and TIBCO Spotfire Statistics Services contains a vulnerability that theoretically allows a low p ...
Show More |
|||||
| CVE-2021-23273 | 1 Tibco | 4 Analytics Platform, Spotfire Analyst, Spotfire Desktop and 1 more | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
|
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO So ...
Show More |
|||||
| CVE-2020-9416 | 1 Tibco | 4 Spotfire Analyst, Spotfire Analytics Platform, Spotfire Desktop and 1 more | 2024-11-21 | 3.5 LOW | 8.2 HIGH |
|
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, an ...
Show More |
|||||
| CVE-2020-9408 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted. This could allow an attacker to cause the Spotfire Web Player, Analyst clients, and TERR Service into e ...
Show More |
|||||
| CVE-2019-17337 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10 ...
Show More |
|||||
| CVE-2019-17336 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources. The attacker would need privileges to save a Spotfire file to the library, and only applies in a situation where NTLM credentials, or a credentials profile is in use. Affected releases are TIBC ...
Show More |
|||||
| CVE-2019-17335 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to. The attacker would need privileges to save a Spotfire file to the library. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: ...
Show More |
|||||
| CVE-2019-11206 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow a malicious user to undermine the integrity of comments and bookmarks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.2.0, and TIBCO Spotfire Server: versions up to and including 7.11.2; 7.12.0; 7.13.0; 7.14.0; 10.0.0; 10.0.1; 10 ...
Show More |
|||||
| CVE-2019-11205 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
|
The web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains vulnerabilities that theoretically allow reflected cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: 7.14.0; 7.14.1; 10.0.0; 10.0.1; 10.1.0; 10.2.0, and TIBCO Spotfire Server: 7.14.0; 10.0.0; 10.0.1; 10.1.0; 10.2.0.
|
|||||
| CVE-2018-5436 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 7.12.0, TIBCO Spotfire Server: versions up to and including 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0.
|
|||||
| CVE-2018-18814 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
|
The TIBCO Spotfire authentication component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability in the handling of the authentication that theoretically may allow an attacker to gain full access to a target account, independent of configured authentication mechanisms. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire ...
Show More |
|||||
| CVE-2018-18813 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
|
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0.
|
|||||
| CVE-2018-18812 | 1 Tibco | 2 Spotfire Analytics Platform For Aws, Spotfire Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace versions up to and including 10.0.0, and TIBCO ...
Show More |
|||||