CVE-2017-5527

MEDIUM

Tibco Spotfire Analytics Platform For Aws < 7.8.0 - SQL Injection

Title source: rule

Description

TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.

References (2)

[Vendor Advisory] http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98398

Scores

CVSS v3 4.3

EPSS 0.0022

EPSS Percentile 44.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-89

Status published

Products (14)

tibco/spotfire_analytics_platform_for_aws < 7.8.0

tibco/spotfire_server

TIBCO Software Inc./TIBCO Spotfire Server < 7.0.0

TIBCO Software Inc./TIBCO Spotfire Server < 7.0.1

TIBCO Software Inc./TIBCO Spotfire Server < 7.5.0

... and 4 more

Published May 09, 2017

Tracked Since Feb 18, 2026