CVE-2017-5527
MEDIUMTibco Spotfire Analytics Platform For Aws < 7.8.0 - SQL Injection
Title source: ruleDescription
TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.tibco.com/support/advisories/2017/05/tibco-security-advisory-may-9-2017-tibco-spotfire-server
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/98398
Scores
CVSS v3
4.3
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (14)
tibco/spotfire_analytics_platform_for_aws
< 7.8.0
tibco/spotfire_server
7.0.0
tibco/spotfire_server
7.0.1
tibco/spotfire_server
7.5.0
tibco/spotfire_server
7.6.0
tibco/spotfire_server
7.7.0
tibco/spotfire_server
7.8.0
TIBCO Software Inc./TIBCO Spotfire Analytics Platform for AWS Marketplace
7.8.0
TIBCO Software Inc./TIBCO Spotfire Server
7.0.0
TIBCO Software Inc./TIBCO Spotfire Server
7.0.1
... and 4 more
Published
May 09, 2017
Tracked Since
Feb 18, 2026