Vulnerabilities > Tibco > Spotfire Analytics Platform FOR AWS > 10.6.0

DATE CVE VULNERABILITY TITLE RISK
2020-03-11 CVE-2020-9408 Incorrect Default Permissions vulnerability in Tibco products
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker with write permissions to the Spotfire Library, but not "Script Author" group permission, to modify attributes of files and objects saved to the library such that the system treats them as trusted.
network
low complexity
tibco CWE-276
8.8
2019-12-17 CVE-2019-17337 Cross-site Scripting vulnerability in Tibco products
The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a vulnerability that theoretically allows an attacker to perform a reflected cross-site scripting (XSS) attack.
network
low complexity
tibco CWE-79
5.4
2019-12-17 CVE-2019-17336 Unspecified vulnerability in Tibco products
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to information that can lead to obtaining credentials used to access Spotfire data sources.
network
low complexity
tibco
6.5
2019-12-17 CVE-2019-17335 Unspecified vulnerability in Tibco Spotfire Server
The Data access layer component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains multiple vulnerabilities that theoretically allow an attacker access to data cached from a data source, or a portion of a data source, that the attacker should not have access to.
network
low complexity
tibco
6.5
2019-12-17 CVE-2019-17334 Incorrect Default Permissions vulnerability in Tibco products
The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contains a vulnerability that theoretically allows an attacker with permission to write DXP files to the Spotfire library to remotely execute code of their choice on the user account of other users who access the affected system.
network
low complexity
tibco CWE-276
8.0