Vulnerabilities > CVE-2018-12410 - Unspecified vulnerability in Tibco Spotfire Statistics Services

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

tibco

critical

NVD

Published: 2018-10-10

Updated: 2019-10-09

Summary

The web server component of TIBCO Software Inc's Spotfire Statistics Services contains multiple vulnerabilities that may allow the remote execution of code. Without needing to authenticate, an attacker may be able to remotely execute code with the permissions of the system account used to run the web server component. Affected releases are TIBCO Software Inc. TIBCO Spotfire Statistics Services versions up to and including 7.11.0.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Spotfire Statistics Services - Tibco Spotfire Statistics Services 3.3 Tibco Spotfire Statistics Services 4.5.0 Tibco Spotfire Statistics Services 5.0.0 Tibco Spotfire Statistics Services 7.11.0	5

Summary

Vulnerable Configurations

References