CVE-2013-2373
TIBCO Spotfire Web Player 3.3.x-4.0.x, 4.5.x, 5.0.x - Unauthenticated Info Disclosure & Data Modification
Title source: llmDescription
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.tibco.com/services/support/advisories/spotfire-advisory_20130313.jsp
Vendor Advisory x_refsource_confirm
http://www.tibco.com/multimedia/spotfire-web-player-advisory-2013-03-12_tcm8-18480.txt
Vendor Advisory x_refsource_confirm
http://www.tibco.com/mk/advisory.jsp
Scores
EPSS
0.0027
EPSS Percentile
50.9%
Details
CWE
CWE-264
Status
published
Products (7)
tibco/spotfire_web_player
3.3
tibco/spotfire_web_player
3.3.2
tibco/spotfire_web_player
4.0
tibco/spotfire_web_player
4.0.1
tibco/spotfire_web_player
4.0.2
tibco/spotfire_web_player
4.5.0
tibco/spotfire_web_player
5.0.0
Published
Mar 15, 2013
Tracked Since
Feb 18, 2026