Vulnerability Description
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0 and TIBCO Spotfire Server: versions 7.11.7 and below, versions 7.12.0, 7.13.0, 7.14.0, 10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.3.2, 10.3.3, and 10.3.4, versions 10.4.0, 10.5.0, and 10.6.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Analytics Platform For Aws | 10.6.0 |
| Tibco | Spotfire Server | <= 7.11.7 |
Related Weaknesses (CWE)
References
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-decembeVendor Advisory
- http://www.tibco.com/services/support/advisoriesVendor Advisory
- https://www.tibco.com/support/advisories/2019/12/tibco-security-advisory-decembeVendor Advisory
FAQ
What is CVE-2019-17337?
CVE-2019-17337 is a vulnerability with a CVSS score of 5.4 (MEDIUM). The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker t...
How severe is CVE-2019-17337?
CVE-2019-17337 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-17337?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Analytics Platform For Aws, Tibco Spotfire Server.