Vulnerability Description
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Analytics Server | 10.0.0 |
| Tibco | Spotfire Server | 3.0.0 |
| Tibco | Web Player Automation Services | All versions |
| Tibco | Spotfire Professional | <= 4.0.1 |
Related Weaknesses (CWE)
References
- http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txtVendor Advisory
- http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_201203Vendor Advisory
- http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txtVendor Advisory
- http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_201203Vendor Advisory
FAQ
What is CVE-2012-0690?
CVE-2012-0690 is a vulnerability with a CVSS score of 5.0 (MEDIUM). TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Playe...
How severe is CVE-2012-0690?
CVE-2012-0690 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-0690?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Analytics Server, Tibco Spotfire Server, Tibco Web Player Automation Services, Tibco Spotfire Professional.