CVE-2019-17335 : What You Need to Know
Discover how CVE-2019-17335 affects TIBCO Spotfire Server, allowing unauthorized access to cached data. Learn about the impact, affected systems, and mitigation steps.
On December 17, 2019, TIBCO Software Inc.'s TIBCO Spotfire Server was found to have vulnerabilities that could allow unauthorized access to cached data beyond normal privileges.
Understanding CVE-2019-17335
What is CVE-2019-17335?
The vulnerability in TIBCO Spotfire Server could enable attackers to access cached data from a data source without proper authorization.
The Impact of CVE-2019-17335
- Attackers could potentially gain unauthorized access to data viewed by other users.
Technical Details of CVE-2019-17335
Vulnerability Description
The Data access layer component of TIBCO Spotfire Server has multiple vulnerabilities that could allow unauthorized access to cached data.
Affected Systems and Versions
- TIBCO Spotfire Analytics Platform for AWS Marketplace (version 10.6.0)
- TIBCO Spotfire Server versions 7.11.7 and below, 7.12.0, 7.13.0, 7.14.0, 10.0.0 to 10.6.0
Exploitation Mechanism
- Attack Complexity: High
- Attack Vector: Network
- Confidentiality Impact: High
- Privileges Required: Low
Mitigation and Prevention
Immediate Steps to Take
- Update TIBCO Spotfire Analytics Platform for AWS Marketplace to version 10.6.1 or higher
- Update TIBCO Spotfire Server versions 7.11.7 and below to version 7.11.8 or higher
- Update TIBCO Spotfire Server versions 7.12.0 to 10.3.4 to version 10.3.5 or higher
- Update TIBCO Spotfire Server versions 10.4.0 to 10.6.0 to version 10.6.1 or higher
Long-Term Security Practices
- Regularly monitor for security advisories and updates
- Implement least privilege access controls
- Conduct regular security assessments
Patching and Updates
TIBCO has released updated versions of the affected components to address these vulnerabilities.