CVE-2017-3180

Опубликовано: 24 июл. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The products and versions that are affected include the following: TIBCO Silver Fabric Enabler for Spotfire Web Player 2.1.2 and earlier TIBCO Spotfire Analyst 7.5.0 TIBCO Spotfire Analyst 7.6.0 TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Analytics Platform for AWS Marketplace 7.0.2 and earlier TIBCO Spotfire Automation Services 6.5.3 and earlier TIBCO Spotfire Automation Services 7.0.0, and 7.0.1 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 6.5.3 and earlier TIBCO Spotfire Deployment Kit 7.0.0, and 7.0.1 TIBCO Spotfire Deployment Kit 7.5.0 TIBCO Spotfire Deployment Kit

Ссылки

https://www.securityfocus.com/bid/95699
Third Party Advisory
VDB Entry
https://www.tibco.com//support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3180
Vendor Advisory
https://www.securityfocus.com/bid/95699
Third Party Advisory
VDB Entry
https://www.tibco.com//support/advisories/2017/01/tibco-security-advisory-january-10-2017-tibco-spotfire-2017-3180
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:tibco:silver_fabric_enabler_for_spotfire_web_player:*:*:*:*:*:*:*:*

Версия до 2.1.2 (включая)

cpe:2.3:a:tibco:spotfire_analyst:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_analyst:7.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_analyst:7.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_analytics_platform_for_aws:*:*:*:*:*:*:*:*

Версия до 7.0.2 (включая)

cpe:2.3:a:tibco:spotfire_automation_services:*:*:*:*:*:*:*:*

Версия до 6.5.3 (включая)

cpe:2.3:a:tibco:spotfire_automation_services:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_automation_services:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_connectors:7.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_deployment_kit:*:*:*:*:*:*:*:*

Версия до 6.5.3 (включая)

cpe:2.3:a:tibco:spotfire_deployment_kit:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_deployment_kit:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_deployment_kit:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_deployment_kit:7.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_deployment_kit:7.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop:*:*:*:*:*:*:*:*

Версия до 6.5.2 (включая)

cpe:2.3:a:tibco:spotfire_desktop:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop:7.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop:7.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop:7.7.0:*:*:*:developer:*:*:*

cpe:2.3:a:tibco:spotfire_desktop_language_packs:*:*:*:*:*:*:*:*

Версия до 7.0.1 (включая)

cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.6.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_desktop_language_packs:7.7.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_professional:*:*:*:*:*:*:*:*

Версия до 6.5.3 (включая)

cpe:2.3:a:tibco:spotfire_professional:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_professional:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_web_player:*:*:*:*:*:*:*:*

Версия до 6.5.3 (включая)

cpe:2.3:a:tibco:spotfire_web_player:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:tibco:spotfire_web_player:7.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.0034

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-20

CWE-79

Связанные уязвимости

GHSA-fw63-53rx-w22v

CVSS3: 5.4

github

больше 3 лет назад

EPSS

Процентиль: 56%

0.0034

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-20

CWE-79