Описание
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
Комментарий
Per: http://cwe.mitre.org/data/definitions/384.html 'CWE-384: Session Fixation'
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.0.1 (включая)
Одно из
cpe:2.3:a:tibco:spotfire_analytics_server:*:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_analytics_server:10.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:tibco:spotfire_server:3.3.0:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00377
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors.
EPSS
Процентиль: 59%
0.00377
Низкий
4.3 Medium
CVSS2
Дефекты
NVD-CWE-Other