CVE-2012-0690
Description
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| tibco | spotfire_analytics_server | 10.0.0 | |
| tibco | spotfire_analytics_server | 10.0.1 | |
| tibco | spotfire_server | 3.0.0 | |
| tibco | spotfire_server | 3.0.1 | |
| tibco | spotfire_server | 3.1.0 | |
| tibco | spotfire_server | 3.1.1 | |
| tibco | spotfire_server | 3.2.0 | |
| tibco | spotfire_server | 3.3.0 | |
| tibco | web_player_automation_services | | |
| tibco | spotfire_professional | {"endIncluding":"4.0.1"} | |
References
- http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt
- http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
- http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt
- http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
CWEs
CWE-200
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.