Vulnerability Description
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Web Player | 3.3 |
Related Weaknesses (CWE)
References
- http://www.tibco.com/mk/advisory.jspVendor Advisory
- http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-184Vendor Advisory
- http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jspVendor Advisory
- http://www.tibco.com/mk/advisory.jspVendor Advisory
- http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-184Vendor Advisory
- http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jspVendor Advisory
FAQ
What is CVE-2013-2373?
CVE-2013-2373 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to ...
How severe is CVE-2013-2373?
CVE-2013-2373 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2373?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Web Player.