Vulnerabilities > Tibco > Spotfire Statistics Services > 12.0.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-09 | CVE-2025-3115 | Unspecified vulnerability in Tibco products Injection Vulnerabilities: Attackers can inject malicious code, potentially gaining control over the system executing these functions. Additionally, insufficient validation of filenames during file uploads can enable attackers to upload and execute malicious files, leading to arbitrary code execution | 9.8 |
| 2023-04-26 | CVE-2023-29268 | Unrestricted Upload of File with Dangerous Type vulnerability in Tibco Spotfire Statistics Services The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. | 9.8 |