Security Advisory for TIBCO Spotfire Web Player

February 09, 2024 19:25
Updated

Date Posted: 2017-01-13
Product: TIBCO Spotfire®

Problem:

Solution:

Resolution:
TIBCO Spotfire Web Player vulnerabilities

   Original release date: March 13, 2013
   Last revised: --
   Source: TIBCO Software Inc.

Systems Affected

   TIBCO Spotfire Web Player below 3.3.3
   TIBCO Spotfire Web Player version 4.0.X below 4.0.3
   TIBCO Spotfire Web Player version 4.5.0
   TIBCO Spotfire Web Player version 5.0.0

   The following components are affected:

     * TIBCO Spotfire Web Player Engine

Description

   The TIBCO Spotfire Web Player components listed above contain critical
   vulnerabilities in the handling of HTTP requests:

   CVE-2013-2372 - A cross-site scripting vulnerability exists which
   may allow an attacker to view or modify information.

   CVE-2013-2373 - Access controls will not be properly enforced in some
   circumstances.  This may allow unauthorized users to access or modify
   information.

   TIBCO has released updated versions of the affected software products
   which address these issues.  TIBCO strongly recommends sites running the
   affected components install the applicable update as described below.

Impact

   The impact of these vulnerabilities may include information disclosure
   and information modification.

Solution

   For each affected system, update to the corresponding software versions:

   TIBCO Spotfire Web Player version 3.3.X version 3.3.3 or higher
   TIBCO Spotfire Web Player version 4.0.X version 4.0.3 or higher
   TIBCO Spotfire Web Player version 4.5.X version 4.5.1 or higher
   TIBCO Spotfire Web Player version 5.0.1 or higher

References

   http://www.tibco.com/mk/advisory.jsp
   CVE: CVE-2013-2372, CVE-2013-2373

Please see web site listed above for any updates to this advisory

Related articles