Vulnerability Description
The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim authenticated to the affected system, these scripts will be executed at the privileges of the victim. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0; TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1; TIBCO Spotfire Desktop: versions 10.7.0, 10.8.0, 10.9.0, and 10.10.0; and TIBCO Spotfire Server: versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 10.10.0, and 10.10.1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Spotfire Analyst | 10.7.0 |
| Tibco | Spotfire Analytics Platform | 10.7.0 |
| Tibco | Spotfire Desktop | 10.7.0 |
| Tibco | Spotfire Server | 10.7.0 |
Related Weaknesses (CWE)
References
- http://www.tibco.com/services/support/advisories (Vendor Advisory)
- https://www.tibco.com/support/advisories/2020/09/tibco-security-advisory-septemb (Vendor Advisory)
FAQ
What is CVE-2020-9416?
CVE-2020-9416 is a vulnerability with a CVSS score of 8.2 (HIGH). The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulne...
How severe is CVE-2020-9416?
CVE-2020-9416 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-9416?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Spotfire Analyst, Tibco Spotfire Analytics Platform, Tibco Spotfire Desktop, Tibco Spotfire Server.