Vulnerabilities > CVE-2022-30579 - Server-Side Request Forgery (SSRF) vulnerability in Tibco Spotfire Analytics Platform and Spotfire Server

CVSS 8.4 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

LOW

network

high complexity

tibco

CWE-918

NVD

Published: 2022-09-20

Updated: 2022-09-22

Summary

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery (SSRF) on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace: version 12.0.0 and TIBCO Spotfire Server: version 12.0.0.

Vulnerable Configurations

Part	Description	Count
Application	Tibco Tibco Spotfire Server 12.0.0 Tibco Spotfire Analytics Platform 12.0.0	2

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References