CVE-2017-3181 — CRITICAL (9.8)

Vulnerability Description

Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. The following products and versions are affected: TIBCO Spotfire Analyst 7.7.0 TIBCO Spotfire Connectors 7.6.0 TIBCO Spotfire Deployment Kit 7.7.0 TIBCO Spotfire Desktop 7.6.0 TIBCO Spotfire Desktop 7.7.0 TIBCO Spotfire Desktop Developer Edition 7.7.0 TIBCO Spotfire Desktop Language Packs 7.6.0 TIBCO Spotfire Desktop Language Packs 7.7.0 The following components are affected: TIBCO Spotfire Client TIBCO Spotfire Web Player Client

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Tibco	Spotfire Analyst	7.7.0
Tibco	Spotfire Client	-
Tibco	Spotfire Connectors	7.6.0
Tibco	Spotfire Deployment Kit	7.7.0
Tibco	Spotfire Desktop	7.6.0
Tibco	Spotfire Desktop Language Packs	7.6.0
Tibco	Spotfire Web Player Client	-

Related Weaknesses (CWE)

CWE-89

References

https://www.securityfocus.com/bid/95696Third Party AdvisoryVDB Entry
https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-januaryVendor Advisory
https://www.securityfocus.com/bid/95696Third Party AdvisoryVDB Entry
https://www.tibco.com/support/advisories/2017/01/tibco-security-advisory-januaryVendor Advisory

FAQ

What is CVE-2017-3181?

CVE-2017-3181 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple TIBCO Products are prone to multiple unspecified SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting these issu...

How severe is CVE-2017-3181?

CVE-2017-3181 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-3181?

Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Analyst, Tibco Spotfire Client, Tibco Spotfire Connectors, Tibco Spotfire Deployment Kit, Tibco Spotfire Desktop.