Product: TIBCO Spotfire®
Security Advisory for TIBCO Spotfire Web Player
Resolution:
TIBCO Spotfire Web Player vulnerabilities
Original release date: March 13, 2013
Last revised: --
Source: TIBCO Software Inc.
Systems Affected
TIBCO Spotfire Web Player below 3.3.3
TIBCO Spotfire Web Player version 4.0.X below 4.0.3
TIBCO Spotfire Web Player version 4.5.0
TIBCO Spotfire Web Player version 5.0.0
The following components are affected:
* TIBCO Spotfire Web Player Engine
Description
The TIBCO Spotfire Web Player components listed above contain critical
vulnerabilities in the handling of HTTP requests:
CVE-2013-2372 - A cross-site scripting vulnerability exists which
may allow an attacker to view or modify information.
CVE-2013-2373 - Access controls will not be properly enforced in some
circumstances. This may allow unauthorized users to access or modify
information.
TIBCO has released updated versions of the affected software products
which address these issues. TIBCO strongly recommends sites running the
affected components install the applicable update as described below.
Impact
The impact of these vulnerabilities may include information disclosure
and information modification.
Solution
For each affected system, update to the corresponding software versions:
TIBCO Spotfire Web Player version 3.3.X version 3.3.3 or higher
TIBCO Spotfire Web Player version 4.0.X version 4.0.3 or higher
TIBCO Spotfire Web Player version 4.5.X version 4.5.1 or higher
TIBCO Spotfire Web Player version 5.0.1 or higher
References
http://www.tibco.com/mk/advisory.jsp
CVE: CVE-2013-2372, CVE-2013-2373
Please see web site listed above for any updates to this advisory
Comments
0 comments
Article is closed for comments.