Vulnerabilities > Tibco > Spotfire Analytics Platform FOR AWS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-16 | CVE-2018-18813 | Cross-site Scripting vulnerability in Tibco products The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. | 6.1 |
| 2019-01-16 | CVE-2018-18812 | Incorrect Permission Assignment for Critical Resource vulnerability in Tibco products The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains a vulnerability that might theoretically fail to restrict users with read-only access from modifying files stored in the Spotfire Library, only when the Spotfire Library is configured to use external storage. | 5.3 |
| 2018-07-24 | CVE-2017-3180 | Cross-site Scripting vulnerability in Tibco products Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. | 5.4 |
| 2018-06-27 | CVE-2018-5437 | Unspecified vulnerability in Tibco products The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for unauthorized information disclosure. | 8.8 |
| 2018-06-27 | CVE-2018-5436 | Information Exposure vulnerability in Tibco products The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. | 8.8 |
| 2018-06-27 | CVE-2018-5435 | Unspecified vulnerability in Tibco products The TIBCO Spotfire Client and TIBCO Spotfire Web Player Client components of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Deployment Kit, TIBCO Spotfire Desktop, and TIBCO Spotfire Desktop Language Packs contain multiple vulnerabilities that may allow for remote code execution. | 9.8 |
| 2017-05-09 | CVE-2017-5527 | SQL Injection vulnerability in Tibco products TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. | 6.5 |