Vulnerabilities > Tibco > Spotfire Statistics Services > 12.0.2

DATE CVE VULNERABILITY TITLE RISK
2025-04-09 CVE-2025-3115 Unspecified vulnerability in Tibco products
Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution
network
low complexity
tibco
critical
9.8
2023-04-26 CVE-2023-29268 Unrestricted Upload of File with Dangerous Type vulnerability in Tibco Spotfire Statistics Services
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system.
network
low complexity
tibco CWE-434
critical
9.8