Description
TIBCO Spotfire Web Application, Web Player Application, Automation Services Application, and Analytics Client Application in Spotfire Analytics Server before 10.1.2; Server before 3.3.3; and Web Player, Automation Services, and Professional before 4.0.2 allow remote attackers to obtain sensitive information via a crafted URL.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.tibco.com/services/support/advisories/amx-be-spotfire-advisory_20120308.jsp
Vendor Advisory x_refsource_confirm
http://www.tibco.com/multimedia/spotfire_advisory_20120308_tcm8-15731.txt
Scores
EPSS
0.0022
EPSS Percentile
44.2%
Details
CWE
CWE-200
Status
published
Products (10)
tibco/spotfire_analytics_server
10.0.0
tibco/spotfire_analytics_server
10.0.1
tibco/spotfire_professional
< 4.0.1
tibco/spotfire_server
3.0.0
tibco/spotfire_server
3.0.1
tibco/spotfire_server
3.1.0
tibco/spotfire_server
3.1.1
tibco/spotfire_server
3.2.0
tibco/spotfire_server
3.3.0
tibco/web_player_automation_services
Published
Mar 13, 2012
Tracked Since
Feb 18, 2026